CVE-2024-49775

CWE-122 — Heap-based Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

2.6%

top 14.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Opcenter Execution Foundation Siemens Opcenter Intelligence Siemens Opcenter Quality +9 more

Timeline

PublishedDec 16

Description

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages12 packages

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v16< *

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v17< *

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v18< *

▶CVEListV5siemens/totally_integrated_automation_portal_(tia_portal)_v19< *

▶CVEListV5siemens/opcenter_execution_foundation< V2501.0001

🔴Vulnerability Details

CVEList

CVE-2024-49775: A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501↗2024-12-16

▶

GHSA

GHSA-qc35-5wrm-x6wx: A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versi↗2024-12-16

▶