cnvd-2024-38025
Vulnerability from cnvd

Title: Siemens User Management Component (UMC) Heap Buffer Overflow Vulnerability

Description:

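SIMATIC PCS neo is a distributed control system (DCS). SINEC NMS is a new-generation network management system (NMS) for the digital enterprise. The system can be used to centrally monitor, manage, and configure networks. Totally Integrated Automation Portal (TIA Portal) is PC software that provides access to the full range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables system-wide, central maintenance of users.

Siemens User Management Component (UMC) contains a heap buffer overflow vulnerability that an attacker can exploit to execute arbitrary code.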

Severity:

Patch Name: Patch for the Siemens User Management Component (UMC) heap buffer overflow vulnerability

Patch Description:

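SIMATIC PCS neo is a distributed control system (DCS). SINEC NMS is a new-generation network management system (NMS) for the digital enterprise. The system can be used to centrally monitor, manage, and configure networks. Totally Integrated Automation Portal (TIA Portal) is PC software that provides access to the full range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables system-wide, central maintenance of users.

Siemens User Management Component (UMC) contains a heap buffer overflow vulnerability that an attacker can exploit to execute arbitrary code. The vendor has since published a security advisory and related patch information that fix this vulnerability.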

Formal description:

Users can refer to the following vendor security advisory for patch information: https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Impacted products

Name

  • Siemens SINEC NMS
  • Siemens Totally Integrated Automation Portal (TIA Portal) V16
  • Siemens Totally Integrated Automation Portal (TIA Portal) V17
  • Siemens Totally Integrated Automation Portal (TIA Portal) V18
  • Siemens SIMATIC PCS neo V4.0
  • Siemens SIMATIC Information Server 2022
  • Siemens SIMATIC PCS neo V4.1
  • Siemens SIMATIC PCS neo V5.0
  • Siemens Totally Integrated Automation Portal (TIA Portal) V19


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-33698"
    }
  },
  "description": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\n\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38025",
  "openTime": "2024-09-12",
  "patchDescription": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\r\n\r\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINEC NMS",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V16",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V17",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V18",
      "Siemens SIMATIC PCS neo V4.0",
      "Siemens SIMATIC Information Server 2022",
      "Siemens SIMATIC PCS neo V4.1",
      "Siemens SIMATIC PCS neo V5.0",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V19"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-09-12",
  "title": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

