A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Siemens
Siemens simatic Information Server Siemens simatic Pcs Neo Siemens sinec Nms Siemens totally Integrated Automation Portal |
|
CPEs | cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:* cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:* cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:* cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:* |
|
Vendors & Products |
Siemens
Siemens simatic Information Server Siemens simatic Pcs Neo Siemens sinec Nms Siemens totally Integrated Automation Portal |
|
Metrics |
ssvc
|
Tue, 10 Sep 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. | |
Weaknesses | CWE-122 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: siemens
Published: 2024-09-10T09:36:31.009Z
Updated: 2024-09-10T18:26:36.889Z
Reserved: 2024-04-26T12:32:09.263Z
Link: CVE-2024-33698
Vulnrichment
Updated: 2024-09-10T18:24:31.346Z
NVD
Status : Awaiting Analysis
Published: 2024-09-10T10:15:09.707
Modified: 2024-09-10T12:09:50.377
Link: CVE-2024-33698
Redhat
No data.