What is the severity of CVE-2024-49775?

CVE-2024-49775 has been rated as a critical vulnerability affecting multiple Siemens products.

How do I fix CVE-2024-49775?

To fix CVE-2024-49775, update all affected Siemens software to their latest versions as recommended by Siemens.

Which Siemens products are affected by CVE-2024-49775?

CVE-2024-49775 affects Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, Opcenter RDL, and SIMATIC PCS neo across various versions.

Is CVE-2024-49775 remotely exploitable?

Yes, CVE-2024-49775 is considered remotely exploitable, potentially allowing unauthorized access to affected systems.

What are the potential impacts of CVE-2024-49775?

The potential impacts of CVE-2024-49775 include unauthorized data access, disruption of services, and compromise of critical operations.

Vulnerability/
CVE-2024-49775

critical

9.8

CWE

122 119

16/12/2024

12/3/2025

CVE-2024-49775: Buffer Overflow

First published: Mon Dec 16 2024(Updated: )

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Opcenter Execution Foundation	<=All versions
Siemens Opcenter Intelligence	<=All versions
Siemens Opcenter Quality	<=All versions
Siemens Opcenter RD&L	<=All versions
Siemens Simatic PCS neo Firmware	<=4.0<undefined<undefined
Siemens SINEC NMS SP1 Update 1	<=All versions if operated in conjunction with UMC < 2.15
Siemens TIA Portal	<=16<=17<=18<=19

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/html/ssa-928984.html

Frequently Asked Questions

What is the severity of CVE-2024-49775?
CVE-2024-49775 has been rated as a critical vulnerability affecting multiple Siemens products.
How do I fix CVE-2024-49775?
To fix CVE-2024-49775, update all affected Siemens software to their latest versions as recommended by Siemens.
Which Siemens products are affected by CVE-2024-49775?
CVE-2024-49775 affects Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, Opcenter RDL, and SIMATIC PCS neo across various versions.
Is CVE-2024-49775 remotely exploitable?
Yes, CVE-2024-49775 is considered remotely exploitable, potentially allowing unauthorized access to affected systems.
What are the potential impacts of CVE-2024-49775?
The potential impacts of CVE-2024-49775 include unauthorized data access, disruption of services, and compromise of critical operations.

agent/weakness
agent/references
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/siemens
canonical/siemens opcenter execution foundation
canonical/siemens opcenter intelligence
canonical/siemens opcenter quality
canonical/siemens opcenter rd&l
canonical/siemens simatic pcs neo firmware
canonical/siemens sinec nms sp1 update 1
canonical/siemens tia portal