certfr_avis - certfr-2024-avi-1062

CERTFR-2024-AVI-1062

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	CPCI85 Central Processing/Communication versions antérieures à V05.30
Siemens	N/A	SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-800126	2024-12-10	vendor-advisory
Bulletin de sécurité Siemens SSA-392859	2024-12-10	vendor-advisory
Bulletin de sécurité Siemens SSA-128393	2024-12-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CPCI85 Central Processing/Communication versions ant\u00e9rieures \u00e0 V05.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-52051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52051"
    },
    {
      "name": "CVE-2024-53832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53832"
    },
    {
      "name": "CVE-2024-49849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49849"
    }
  ],
  "initial_release_date": "2024-12-11T00:00:00",
  "last_revision_date": "2024-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1062",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-800126",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-392859",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-128393",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
    }
  ]
}

CVE-2024-49849 (GCVE-0-2024-49849)

Vulnerability from cvelistv5

Published

2024-12-10 13:53

Modified

2025-08-12 11:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
8.4 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/ssa-800126.html

Impacted products

Vendor

Product

Version

Siemens

SIMATIC S7-PLCSIM V16

Version: 0 < *

Siemens	SIMATIC S7-PLCSIM V17	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V16	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V17	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V18	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V19	Version: 0 < V19 Update 4
Siemens	SIMATIC STEP 7 V16	Version: 0 < *
Siemens	SIMATIC STEP 7 V17	Version: 0 < *
Siemens	SIMATIC STEP 7 V18	Version: 0 < *
Siemens	SIMATIC STEP 7 V19	Version: 0 < V19 Update 4
Siemens	SIMATIC WinCC Unified V16	Version: 0 < *
Siemens	SIMATIC WinCC Unified V17	Version: 0 < *
Siemens	SIMATIC WinCC Unified V18	Version: 0 < *
Siemens	SIMATIC WinCC Unified V19	Version: 0 < V19 Update 4
Siemens	SIMATIC WinCC V16	Version: 0 < *
Siemens	SIMATIC WinCC V17	Version: 0 < *
Siemens	SIMATIC WinCC V18	Version: 0 < *
Siemens	SIMATIC WinCC V19	Version: 0 < V19 Update 4
Siemens	SIMOCODE ES V16	Version: 0 < *
Siemens	SIMOCODE ES V17	Version: 0 < *
Siemens	SIMOCODE ES V18	Version: 0 < *
Siemens	SIMOCODE ES V19	Version: 0 < *
Siemens	SIMOTION SCOUT TIA V5.4	Version: 0 < *
Siemens	SIMOTION SCOUT TIA V5.5	Version: 0 < *
Siemens	SIMOTION SCOUT TIA V5.6	Version: 0 < V5.6 SP1 HF7
Siemens	SINAMICS Startdrive V16	Version: 0 < *
Siemens	SINAMICS Startdrive V17	Version: 0 < *
Siemens	SINAMICS Startdrive V18	Version: 0 < *
Siemens	SINAMICS Startdrive V19	Version: 0 < *
Siemens	SIRIUS Safety ES V17 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Safety ES V18 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Safety ES V19 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Soft Starter ES V17 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Soft Starter ES V18 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Soft Starter ES V19 (TIA Portal)	Version: 0 < *
Siemens	TIA Portal Cloud V16	Version: 0 < *
Siemens	TIA Portal Cloud V17	Version: 0 < *
Siemens	TIA Portal Cloud V18	Version: 0 < *
Siemens	TIA Portal Cloud V19	Version: 0 < V5.2.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T17:14:22.243197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T17:14:31.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6 SP1 HF7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V17 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V18 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V19 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V17 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V18 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V19 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.2.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:16:44.114Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-49849",
    "datePublished": "2024-12-10T13:53:56.043Z",
    "dateReserved": "2024-10-21T12:15:15.196Z",
    "dateUpdated": "2025-08-12T11:16:44.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52051 (GCVE-0-2024-52051)

Vulnerability from cvelistv5

Published

2024-12-10 13:53

Modified

2025-08-12 11:16

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Summary

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/ssa-392859.html

Impacted products

Vendor

Product

Version

Siemens

SIMATIC S7-PLCSIM V17

Version: 0 < *

Siemens	SIMATIC S7-PLCSIM V18	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V17	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V18	Version: 0 < *
Siemens	SIMATIC STEP 7 Safety V19	Version: 0 < V19 Update 4
Siemens	SIMATIC STEP 7 V17	Version: 0 < *
Siemens	SIMATIC STEP 7 V18	Version: 0 < *
Siemens	SIMATIC STEP 7 V19	Version: 0 < V19 Update 4
Siemens	SIMATIC WinCC Unified PC Runtime V18	Version: 0 < *
Siemens	SIMATIC WinCC Unified PC Runtime V19	Version: 0 < V19 Update 4
Siemens	SIMATIC WinCC Unified V17	Version: 0 < *
Siemens	SIMATIC WinCC Unified V18	Version: 0 < *
Siemens	SIMATIC WinCC Unified V19	Version: 0 < V19 Update 4
Siemens	SIMATIC WinCC V17	Version: 0 < *
Siemens	SIMATIC WinCC V18	Version: 0 < *
Siemens	SIMATIC WinCC V19	Version: 0 < V19 Update 4
Siemens	SIMOCODE ES V17	Version: 0 < *
Siemens	SIMOCODE ES V18	Version: 0 < *
Siemens	SIMOCODE ES V19	Version: 0 < *
Siemens	SIMOTION SCOUT TIA V5.4	Version: 0 < *
Siemens	SIMOTION SCOUT TIA V5.5	Version: 0 < *
Siemens	SIMOTION SCOUT TIA V5.6	Version: 0 < V5.6 SP1 HF7
Siemens	SINAMICS Startdrive V17	Version: 0 < *
Siemens	SINAMICS Startdrive V18	Version: 0 < *
Siemens	SINAMICS Startdrive V19	Version: 0 < *
Siemens	SIRIUS Safety ES V17 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Safety ES V18 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Safety ES V19 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Soft Starter ES V17 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Soft Starter ES V18 (TIA Portal)	Version: 0 < *
Siemens	SIRIUS Soft Starter ES V19 (TIA Portal)	Version: 0 < *
Siemens	TIA Portal Cloud V17	Version: 0 < *
Siemens	TIA Portal Cloud V18	Version: 0 < *
Siemens	TIA Portal Cloud V19	Version: 0 < V5.2.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T17:13:19.265210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T17:13:31.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 Safety V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC STEP 7 V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified PC Runtime V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified PC Runtime V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC Unified V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinCC V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOCODE ES V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.5",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION SCOUT TIA V5.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6 SP1 HF7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS Startdrive V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V17 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V18 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Safety ES V19 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V17 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V18 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIRIUS Soft Starter ES V19 (TIA Portal)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIA Portal Cloud V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.2.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions \u003c V19 Update 4), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1). The affected devices do not properly sanitize  user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:16:46.791Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-52051",
    "datePublished": "2024-12-10T13:53:57.576Z",
    "dateReserved": "2024-11-05T16:27:26.648Z",
    "dateUpdated": "2025-08-12T11:16:46.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53832 (GCVE-0-2024-53832)

Vulnerability from cvelistv5

Published

2024-12-10 13:54

Modified

2024-12-10 17:17

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-522 - Insufficiently Protected Credentials

Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/ssa-128393.html

Impacted products

	Vendor	Product	Version
	Siemens	CPCI85 Central Processing/Communication	Version: 0 < V05.30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:16:55.369787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T17:17:37.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "CPCI85 Central Processing/Communication",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V05.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T13:54:14.682Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-53832",
    "datePublished": "2024-12-10T13:54:14.682Z",
    "dateReserved": "2024-11-22T14:39:32.052Z",
    "dateUpdated": "2024-12-10T17:17:37.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2024-AVI-1062

Vulnerability from certfr_avis

Solutions

CVE-2024-49849 (GCVE-0-2024-49849)

Vulnerability from cvelistv5

CVE-2024-52051 (GCVE-0-2024-52051)

Vulnerability from cvelistv5

CVE-2024-53832 (GCVE-0-2024-53832)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature