CVE-2024-49775

CRITICAL

Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Qual...

Title source: llm

Description

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-928984.html

Scores

CVSS v3 9.8

EPSS 0.0414

EPSS Percentile 88.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-122

Status published

Products (12)

Siemens/Opcenter Execution Foundation < V2501.0001

Siemens/Opcenter Intelligence < V2501.0001

Siemens/Opcenter Quality < V2512

Siemens/Opcenter RDnL < V2410

Siemens/SIMATIC PCS neo V4.0

Siemens/SIMATIC PCS neo V4.1 < V4.1 Update 3

Siemens/SIMATIC PCS neo V5.0 < V5.0 Update 1

Siemens/SINEC NMS

Siemens/Totally Integrated Automation Portal (TIA Portal) V16

Siemens/Totally Integrated Automation Portal (TIA Portal) V17

... and 2 more

Published Dec 16, 2024

Tracked Since Feb 18, 2026