CVE-2024-33698 Information

Description

A vulnerability has been identified in SIMATIC Information Server 2022 (All versions) SIMATIC Information Server 2024 (All versions) SIMATIC PCS neo V4.0 (All versions) SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2) SIMATIC PCS neo V5.0 (All versions) SINEC NMS (All versions) Totally Integrated Automation Portal (TIA Portal) V16 (All versions) Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8) Totally Integrated Automation Portal (TIA Portal) V18 (All versions) Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Reference

https://cert-portal.siemens.com/productcert/html/ssa-039007.html