CVE-2024-33698
published 2024-09-10CVE-2024-33698: A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions)…
critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | opcenter_quality | < V2406 | V2406 |
| siemens | opcenter_rdnl | < V2410 | V2410 |
| siemens | simatic_pcs_neo_v4.0 | < * | * |
| siemens | simatic_pcs_neo_v4.1 | < V4.1 Update 2 | V4.1 Update 2 |
| siemens | simatic_pcs_neo_v5.0 | < V5.0 Update 1 | V5.0 Update 1 |
| siemens | sinec_nms | < * | * |
| siemens | sinema_remote_connect_client | < V3.2 SP3 | V3.2 SP3 |
| siemens | totally_integrated_automation_portal_v16 | < * | * |
| siemens | totally_integrated_automation_portal_v17 | < V17 Update 8 | V17 Update 8 |
| siemens | totally_integrated_automation_portal_v18 | < V18 Update 5 | V18 Update 5 |
| siemens | totally_integrated_automation_portal_v19 | < V19 Update 3 | V19 Update 3 |