Heap-Based Buffer Overflow in Siemens Automation Products
CVE-2024-49775
Key Information
- Vendor: Siemens
- Status
- Opcenter Execution Foundation
- Opcenter Intelligence
- Opcenter Quality
- Opcenter Rdl
- CVE Published: 16 December 2024
Summary
CVE-2024-49775 is a critical heap-based buffer overflow vulnerability affecting multiple Siemens automation products, including the Opcenter suite and the Totally Integrated Automation Portal (TIA Portal). The vulnerability resides in the integrated UMC component and could allow an unauthenticated remote attacker to execute arbitrary code. Given the widespread use of these products in industrial environments, exploitation could lead to severe operational disruptions. Siemens has acknowledged this vulnerability in all listed versions, and it is imperative that users assess their current configurations and apply the necessary mitigations.
Affected Version(s)
Opcenter Execution Foundation < 0
Opcenter Intelligence < 0
Opcenter Quality < 0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved