CVE-2024-49775: Buffer Overflow
First published: Mon Dec 16 2024(Updated: )
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Opcenter Execution Foundation | <= | |
| Siemens Opcenter Intelligence | <= | |
| Siemens Opcenter Quality | <= | |
| Siemens Opcenter RD&L | <= | |
| Siemens SIMATIC PCS neo V4.0 | <= | |
| Siemens SIMATIC PCS neo V4.0 | >=4.0 | |
| Siemens SIMATIC PCS neo V4.0 | >=4.1 | |
| Siemens SIMATIC PCS neo V4.0 | >=5.0 | |
| Siemens SINEC NMS | <= | |
| Siemens Totally Integrated Automation Portal (TIA Portal) | <= | |
| Siemens Totally Integrated Automation Portal (TIA Portal) V16 | <= |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-49775?
CVE-2024-49775 has been rated as a critical vulnerability affecting multiple Siemens products.
How do I fix CVE-2024-49775?
To fix CVE-2024-49775, update all affected Siemens software to their latest versions as recommended by Siemens.
Which Siemens products are affected by CVE-2024-49775?
CVE-2024-49775 affects Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, Opcenter RDL, and SIMATIC PCS neo across various versions.
Is CVE-2024-49775 remotely exploitable?
Yes, CVE-2024-49775 is considered remotely exploitable, potentially allowing unauthorized access to affected systems.
What are the potential impacts of CVE-2024-49775?
The potential impacts of CVE-2024-49775 include unauthorized data access, disruption of services, and compromise of critical operations.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens opcenter execution foundation
- canonical/siemens opcenter intelligence
- canonical/siemens opcenter quality
- canonical/siemens opcenter rd&l
- canonical/siemens simatic pcs neo v4.0
- canonical/siemens sinec nms
- canonical/siemens totally integrated automation portal (tia portal)
- canonical/siemens totally integrated automation portal (tia portal) v16