CVE-2024-49775 Information

Description

A vulnerability has been identified in Opcenter Execution Foundation (All versions) Opcenter Intelligence (All versions) Opcenter Quality (All versions) Opcenter RDL (All versions) SIMATIC PCS neo V4.0 (All versions) SIMATIC PCS neo V4.1 (All versions) SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1) SINEC NMS (All versions if operated in conjunction with UMC < V2.15) Totally Integrated Automation Portal (TIA Portal) V16 (All versions) Totally Integrated Automation Portal (TIA Portal) V17 (All versions) Totally Integrated Automation Portal (TIA Portal) V18 (All versions) Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://cert-portal.siemens.com/productcert/html/ssa-928984.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8