CVE-2024-33698

CWE-122 — Heap-based Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

3.3%

top 12.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Opcenter Quality Siemens Opcenter Rdnl Siemens Simatic PCS NEO V4.0 +8 more

Timeline

PublishedSep 10

Description

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), To…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages11 packages

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v16< *

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v17< V17 Update 8

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v18< V18 Update 5

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v19< V19 Update 3

▶CVEListV5siemens/sinema_remote_connect_client< V3.2 SP3

🔴Vulnerability Details

GHSA

GHSA-5j8g-cmhw-g45p: A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo↗2024-09-10

▶

CVEList

CVE-2024-33698: A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4↗2024-09-10

▶