Heap-Based Buffer Overflow in Siemens Automation Products
CVE-2024-49775
Summary
CVE-2024-49775 is a critical heap-based buffer overflow vulnerability affecting multiple Siemens automation products, including the Opcenter suite and the Totally Integrated Automation Portal (TIA Portal). The vulnerability resides in the integrated UMC component and could allow an unauthenticated remote attacker to execute arbitrary code. Given the widespread use of these products in industrial environments, exploitation could lead to severe operational disruptions. Siemens has acknowledged this vulnerability in all listed versions, and it is imperative that users assess their current configurations and apply the necessary mitigations.
Affected Version(s)
Opcenter Execution Foundation 0
Opcenter Intelligence 0
Opcenter Quality 0
News Articles

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution
A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code.
References
CVSS V4
Timeline
- First article discovered by GBHackers News
Vulnerability published
Vulnerability Reserved