CVE-2024-54678
CVE-2024-54678
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2), TIA Portal Test Suite V20 (All versions < V20 Update 4). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
Siemens · SIMATIC PCS neo V4.1Siemens · SIMATIC PCS neo V5.0Siemens · SIMATIC PCS neo V6.0Siemens · SIMATIC S7-PLCSIM V17Siemens · SIMATIC STEP 7 V17Siemens · SIMATIC STEP 7 V18Siemens · SIMATIC STEP 7 V19Siemens · SIMATIC STEP 7 V20Siemens · SIMATIC WinCC V17Siemens · SIMATIC WinCC V18Siemens · SIMATIC WinCC V19Siemens · SIMATIC WinCC V20Siemens · SIMOCODE ES V17Siemens · SIMOCODE ES V18Siemens · SIMOCODE ES V19Siemens · SIMOCODE ES V20Siemens · SIMOTION SCOUT TIA V5.4Siemens · SIMOTION SCOUT TIA V5.5Siemens · SIMOTION SCOUT TIA V5.6Siemens · SIMOTION SCOUT TIA V5.7Siemens · SINAMICS Startdrive V17Siemens · SINAMICS Startdrive V18Siemens · SINAMICS Startdrive V19Siemens · SINAMICS Startdrive V20Siemens · SIRIUS Safety ES V17 (TIA Portal)Siemens · SIRIUS Safety ES V18 (TIA Portal)Siemens · SIRIUS Safety ES V19 (TIA Portal)Siemens · SIRIUS Safety ES V20 (TIA Portal)Siemens · SIRIUS Soft Starter ES V17 (TIA Portal)Siemens · SIRIUS Soft Starter ES V18 (TIA Portal)Siemens · SIRIUS Soft Starter ES V19 (TIA Portal)Siemens · SIRIUS Soft Starter ES V20 (TIA Portal)Siemens · TIA Portal Cloud V17Siemens · TIA Portal Cloud V18Siemens · TIA Portal Cloud V19Siemens · TIA Portal Cloud V20Siemens · TIA Portal Test Suite V20¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →