What is the severity of CVE-2024-49849?

The severity of CVE-2024-49849 is currently not disclosed in the available documentation.

How do I fix CVE-2024-49849?

To fix CVE-2024-49849, ensure that affected Siemens software versions are updated to the latest patches provided by Siemens.

Which software versions are affected by CVE-2024-49849?

CVE-2024-49849 affects Siemens SIMATIC S7-PLCSIM V16 and V17, SIMATIC STEP 7 Safety V16 to V19, and various other SIMATIC software versions.

Is CVE-2024-49849 exploitable remotely?

Details on remote exploitability for CVE-2024-49849 have not been specified in the available reports.

What are the potential impacts of CVE-2024-49849?

The potential impacts of CVE-2024-49849 may include unauthorized access or manipulation of the affected Siemens software systems.

Vulnerability/
CVE-2024-49849

high

8.4

CWE

502

10/12/2024

11/12/2024

CVE-2024-49849

First published: Tue Dec 10 2024(Updated: )

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
SIMATIC S7-PLCSIM	<=V16<=V17
Siemens SIMATIC STEP 7 Safety	<=V16<=V17<=V18<=V19
SIMATIC STEP 7	<=V16<=V17<=V18<=V19
Siemens SIMATIC WinCC Unified PC Runtime	<=V16<=V17<=V18<=V19
Siemens SIMATIC WinCC	<=V16<=V17<=V18<=V19
Siemens SIMOCODE ES	<=V16<=V17<=V18<=V19
Siemens SIMOTION SCOUT TIA
Siemens SINAMICS Startdrive	<=V16<=V17<=V18<=V19
Siemens SIRIUS Safety ES	<=V17 (TIA Portal)<=V18 (TIA Portal)<=V19 (TIA Portal)
Siemens SIRIUS Soft Starter 3RW44PN	<=V17 (TIA Portal)<=V18 (TIA Portal)<=V19 (TIA Portal)
Siemens TIA Portal	<=V16<=V17<=V18<=V19

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/html/ssa-800126.html

Frequently Asked Questions

What is the severity of CVE-2024-49849?
The severity of CVE-2024-49849 is currently not disclosed in the available documentation.
How do I fix CVE-2024-49849?
To fix CVE-2024-49849, ensure that affected Siemens software versions are updated to the latest patches provided by Siemens.
Which software versions are affected by CVE-2024-49849?
CVE-2024-49849 affects Siemens SIMATIC S7-PLCSIM V16 and V17, SIMATIC STEP 7 Safety V16 to V19, and various other SIMATIC software versions.
Is CVE-2024-49849 exploitable remotely?
Details on remote exploitability for CVE-2024-49849 have not been specified in the available reports.
What are the potential impacts of CVE-2024-49849?
The potential impacts of CVE-2024-49849 may include unauthorized access or manipulation of the affected Siemens software systems.

agent/weakness
agent/references
agent/type
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/siemens
canonical/simatic s7-plcsim
canonical/siemens simatic step 7 safety
canonical/simatic step 7
canonical/siemens simatic wincc unified pc runtime
canonical/siemens simatic wincc
canonical/siemens simocode es
canonical/siemens simotion scout tia
canonical/siemens sinamics startdrive
canonical/siemens sirius safety es
canonical/siemens sirius soft starter 3rw44pn
canonical/siemens tia portal