CVE-2024-49849Deserialization of Untrusted Data in Siemens Simatic S7-plcsim V16

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
8.4HIGHNVD
EPSS
0.1%
top 77.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
39
Siemens Simatic S7-plcsim V16Siemens Simatic S7-plcsim V17Siemens Simatic Step 7 Safety V16+36 more
Timeline
PublishedDec 10

Description

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Uni

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages39 packages

CVEListV5siemens/simatic_step_7_safety_v17< V17 Update 9
CVEListV5siemens/simatic_step_7_safety_v19< V19 Update 4

🔴Vulnerability Details

2
GHSA
GHSA-wcc9-3f5j-wxhw: A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All vers2024-12-10
CVEList
CVE-2024-49849: A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All vers2024-12-10
CVE-2024-49849 — Deserialization of Untrusted Data | cvebase