First published: Tue Sep 10 2024
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Opcenter Execution Foundation | All versions | |
Siemens Opcenter Quality | All versions | |
Siemens Opcenter RD&L | All versions | |
Siemens SIMATIC PCS neo | V4.0: all versions | |
Siemens SIMATIC PCS neo | <V4.1 Update 2 | |
Siemens SIMATIC PCS neo | <V5.0 Update 1 | |
Siemens SINEC NMS | All versions | |
Siemens Totally Integrated Automation Portal (TIA Portal) | V16: all versions | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V17 Update 8 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V18 Update 5 | |
Siemens Totally Integrated Automation Portal (TIA Portal) | <V19 Update 3 | |
CVE-2024-33698 has been classified as a high-severity vulnerability.
To address CVE-2024-33698, upgrade the affected software to the latest versions as recommended by Siemens.
CVE-2024-33698 affects multiple Siemens products including Opcenter Execution Foundation, Opcenter Quality, and SIMATIC PCS neo among others.
CVE-2024-33698 can potentially be exploited remotely if prerequisite conditions are met.
CVE-2024-33698 may allow unauthorized access and execution of arbitrary commands in affected Siemens products.