CVE-2024-54678

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.6HIGH

EPSS

0.1%

top 79.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS NEO V4.1 Siemens Simatic PCS NEO V5.0 Siemens Simatic PCS NEO V6.0 +34 more

Timeline

PublishedAug 12

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages37 packages

▶CVEListV5siemens/sirius_soft_starter_es_v17_(tia_portal)< *

▶CVEListV5siemens/sirius_soft_starter_es_v18_(tia_portal)< *

▶CVEListV5siemens/sirius_soft_starter_es_v19_(tia_portal)< *

▶CVEListV5siemens/sirius_soft_starter_es_v20_(tia_portal)< *

▶CVEListV5siemens/sirius_safety_es_v17_(tia_portal)< *

🔴Vulnerability Details

CVEList

CVE-2024-54678: A vulnerability has been identified in SIMATIC PCS neo V4↗2025-08-12

▶

GHSA

GHSA-h4qr-6jj2-9qg8: A vulnerability has been identified in SIMATIC PCS neo V4↗2025-08-12

▶