Arbitrary Code Execution Vulnerability in ModelSim and Questa by Siemens
CVE-2024-53977

5.4MEDIUM

Key Information:

Vendor: Siemens
Status: Modelsim; Questa
Vendor: CVE Published:; 11 February 2025

Summary

A vulnerability exists in ModelSim and Questa that could allow an authenticated local attacker to execute arbitrary code. This occurs through a setup script within the affected applications that can load executable files from a current working directory. If an administrator or a process with elevated privileges initiates this script from a user-writable directory, the attacker could leverage this flaw to manipulate or escalate privileges, posing a significant security risk.

Affected Version(s)

ModelSim 0

Questa 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6379...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 25, 2024