Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-49849

Disclosure Date: December 10, 2024 •

CVE-2024-49849 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

SIMATIC S7-PLCSIM V16 *

SIMATIC S7-PLCSIM V17 *

SIMATIC STEP 7 Safety V16 *

SIMATIC STEP 7 Safety V17 *

SIMATIC STEP 7 Safety V18 *

SIMATIC STEP 7 Safety V19 *

SIMATIC STEP 7 V16 *

SIMATIC STEP 7 V17 *

SIMATIC STEP 7 V18 *

SIMATIC STEP 7 V19 *

SIMATIC WinCC Unified V16 *

SIMATIC WinCC Unified V17 *

SIMATIC WinCC Unified V18 *

SIMATIC WinCC Unified V19 *

SIMATIC WinCC V16 *

SIMATIC WinCC V17 *

SIMATIC WinCC V18 *

SIMATIC WinCC V19 *

SIMOCODE ES V16 *

SIMOCODE ES V17 *

SIMOCODE ES V18 *

SIMOCODE ES V19 *

SIMOTION SCOUT TIA V5.4 SP1 *

SIMOTION SCOUT TIA V5.4 SP3 *

SIMOTION SCOUT TIA V5.5 SP1 *

SIMOTION SCOUT TIA V5.6 SP1 *

SINAMICS Startdrive V16 *

SINAMICS Startdrive V17 *

SINAMICS Startdrive V18 *

SINAMICS Startdrive V19 *

SIRIUS Safety ES V17 (TIA Portal) *

SIRIUS Safety ES V18 (TIA Portal) *

SIRIUS Safety ES V19 (TIA Portal) *

SIRIUS Soft Starter ES V17 (TIA Portal) *

SIRIUS Soft Starter ES V18 (TIA Portal) *

SIRIUS Soft Starter ES V19 (TIA Portal) *

TIA Portal Cloud V16 *

TIA Portal Cloud V17 *

TIA Portal Cloud V18 *

TIA Portal Cloud V19 *

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Siemens

Products

SIMATIC S7-PLCSIM V16,
SIMATIC S7-PLCSIM V17,
SIMATIC STEP 7 Safety V16,
SIMATIC STEP 7 Safety V17,
SIMATIC STEP 7 Safety V18,
SIMATIC STEP 7 Safety V19,
SIMATIC STEP 7 V16,
SIMATIC STEP 7 V17,
SIMATIC STEP 7 V18,
SIMATIC STEP 7 V19,
SIMATIC WinCC Unified V16,
SIMATIC WinCC Unified V17,
SIMATIC WinCC Unified V18,
SIMATIC WinCC Unified V19,
SIMATIC WinCC V16,
SIMATIC WinCC V17,
SIMATIC WinCC V18,
SIMATIC WinCC V19,
SIMOCODE ES V16,
SIMOCODE ES V17,
SIMOCODE ES V18,
SIMOCODE ES V19,
SIMOTION SCOUT TIA V5.4 SP1,
SIMOTION SCOUT TIA V5.4 SP3,
SIMOTION SCOUT TIA V5.5 SP1,
SIMOTION SCOUT TIA V5.6 SP1,
SINAMICS Startdrive V16,
SINAMICS Startdrive V17,
SINAMICS Startdrive V18,
SINAMICS Startdrive V19,
SIRIUS Safety ES V17 (TIA Portal),
SIRIUS Safety ES V18 (TIA Portal),
SIRIUS Safety ES V19 (TIA Portal),
SIRIUS Soft Starter ES V17 (TIA Portal),
SIRIUS Soft Starter ES V18 (TIA Portal),
SIRIUS Soft Starter ES V19 (TIA Portal),
TIA Portal Cloud V16,
TIA Portal Cloud V17,
TIA Portal Cloud V18,
TIA Portal Cloud V19

References

Canonical

CVE-2024-49849 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49849)

Miscellaneous

https://cert-portal.siemens.com/productcert/html/ssa-800126.html

Rapid7

Unknown

CVE-2024-49849

Unknown

Unknown

Required

None

Local

CVE-2024-49849

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-49849

Unknown

Unknown

Required

None

Local

CVE-2024-49849

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification