Vulnerability-Lookup

CVE-2024-33698 (GCVE-0-2024-33698)

Vulnerability from cvelistv5 – Published: 2024-09-10 09:36 – Updated: 2025-10-14 09:15

Summary

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

Opcenter Quality

Affected: 0 , < V2406 (custom)

Siemens	Opcenter RDnL	Affected: 0 , < V2410 (custom)
Siemens	SIMATIC PCS neo V4.0	Affected: 0 , < * (custom)
Siemens	SIMATIC PCS neo V4.1	Affected: 0 , < V4.1 Update 2 (custom)
Siemens	SIMATIC PCS neo V5.0	Affected: 0 , < V5.0 Update 1 (custom)
Siemens	SINEC NMS	Affected: 0 , < * (custom)
Siemens	SINEMA Remote Connect Client	Affected: 0 , < V3.2 SP3 (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V16	Affected: 0 , < * (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V17	Affected: 0 , < V17 Update 8 (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V18	Affected: 0 , < V18 Update 5 (custom)
Siemens	Totally Integrated Automation Portal (TIA Portal) V19	Affected: 0 , < V19 Update 3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_pcs_neo",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "4.1_update_2",
                "status": "affected",
                "version": "4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_information_server",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "totally_integrated_automation_portal",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "17_update_8",
                "status": "affected",
                "version": "17",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33698",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:32:07.999463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:26:36.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Opcenter Quality",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2406",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Opcenter RDnL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2410",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo V4.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo V4.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1 Update 2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PCS neo V5.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.0 Update 1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINEC NMS",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINEMA Remote Connect Client",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.2 SP3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V16",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V17",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V17 Update 8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V18",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V18 Update 5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Totally Integrated Automation Portal (TIA Portal) V19",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V19 Update 3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T09:15:00.448Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-33698",
    "datePublished": "2024-09-10T09:36:31.009Z",
    "dateReserved": "2024-04-26T12:32:09.263Z",
    "dateUpdated": "2025-10-14T09:15:00.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33698\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:32:07.999463Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"simatic_pcs_neo\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.1_update_2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*\", \"cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"simatic_information_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"totally_integrated_automation_portal\", \"versions\": [{\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17_update_8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T18:24:31.346Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Opcenter Quality\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2406\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Opcenter RDnL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2410\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V4.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V4.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.1 Update 2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC PCS neo V5.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0 Update 1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEMA Remote Connect Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.2 SP3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V16\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V17 Update 8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V18 Update 5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Totally Integrated Automation Portal (TIA Portal) V19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V19 Update 3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-039007.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-10-14T09:15:00.448Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-33698\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T09:15:00.448Z\", \"dateReserved\": \"2024-04-26T12:32:09.263Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-09-10T09:36:31.009Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2024-33698

Vulnerability from fstec - Published: 10.09.2024

Title

Description

Уязвимость компонента Siemens User Management Component (UMC) продуктов SIMATIC Information Server, SIMATIC PCS neo, SINEC NMS, Totally Integrated Automation Portal (TIA Portal) связана с переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Siemens AG

Software Name

SINEC-NMS

Software Version

до 2.11.6 (SINEC-NMS)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств межсетевого экранирования для ограничения возможности удалённого доступа; - сегментирование сети для ограничения доступа к промышленному сегменту из других подсетей; - фильтрация подключений 4002 и 4004-портов; - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций: https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-039007.html

CWE

CWE-122

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.11.6 (SINEC-NMS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 4002 \u0438 4004-\u043f\u043e\u0440\u0442\u043e\u0432;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.09.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07066",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-33698",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SINEC-NMS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Siemens User Management Component (UMC) \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 SIMATIC Information Server, SIMATIC PCS neo, SINEC NMS, Totally Integrated Automation Portal (TIA Portal), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Siemens User Management Component (UMC) \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 SIMATIC Information Server, SIMATIC PCS neo, SINEC NMS, Totally Integrated Automation Portal (TIA Portal) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

GSD-2024-33698

Vulnerability from gsd - Updated: 2024-04-27 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-33698

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-33698"
      ],
      "id": "GSD-2024-33698",
      "modified": "2024-04-27T05:02:18.315544Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-33698",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-33698

Vulnerability from fkie_nvd - Published: 2024-09-10 10:15 - Updated: 2025-10-14 10:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Opcenter Quality (All versions \u003c V2406), Opcenter RDnL (All versions \u003c V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones \u0026lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones \u0026lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2024-33698",
  "lastModified": "2025-10-14T10:15:34.373",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-10T10:15:09.707",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2024-AVI-0757

Vulnerability from certfr_avis - Published: 2024-09-10 - Updated: 2024-09-10

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC WinCC Runtime Advanced toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V8.0 versions antérieures à V8.0 Update 5
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC IPC DiagMonitor toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SCALANCE W700 802.11 AX versions antérieures à V2.4.0
Siemens	N/A	SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V8.0 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Information Server 2024 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions antérieures à V4.2
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V18 toutes versions
Siemens	N/A	SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.2
Siemens	N/A	SIMATIC PCS neo V4.1 versions antérieures à V4.1 Update 2
Siemens	N/A	SIMATIC S7-200 SMART toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-43647.
Siemens	N/A	SIMATIC PCS neo V4.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-33698.
Siemens	N/A	SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V7.5 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC RF1140R (6GT2831-6CB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC WinCC Runtime Professional V20 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC RF1170R (6GT2831-6BB00) versions antérieures à V1.1
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.2
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V19 toutes versions
Siemens	N/A	SIMATIC Information Server 2022 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC WinCC Runtime Professional V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-38355.
Siemens	N/A	SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.2
Siemens	N/A	SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V17 versions antérieures à V17 Update 8
Siemens	N/A	SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Information Server 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC Process Historian 2020 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.2
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 18
Siemens	N/A	SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SICAM SCC versions antérieures à V10.0
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC WinCC Runtime Professional V18 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC WinCC Runtime Professional V19 toutes versions pour la vulnérabilité CVE-2024-38355
Siemens	N/A	SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC WinCC V7.4 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-35783.
Siemens	N/A	SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.2
Siemens	N/A	SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.2
Siemens	N/A	SIMATIC IPC DiagBase toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour les vulnérabilités CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.
Siemens	N/A	SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC Process Historian 2022 toutes versions pour la vulnérabilité CVE-2024-35783
Siemens	N/A	SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.2
Siemens	N/A	SIMATIC CP 1243-7 LTE versions antérieures à V3.5.20
Siemens	N/A	SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC PCS neo V5.0 toutes versions pour la vulnérabilité CVE-2024-33698
Siemens	N/A	SIMATIC CP 1243-1 (incl. SIPLUS variants) versions antérieures à V3.5.20
Siemens	N/A	SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions antérieures à V4.2
Siemens	N/A	SIMATIC BATCH V9.1 toutes versions pour la vulnérabilité CVE-2024-35783

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-721642	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-969738	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-673996	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-773256	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-423808	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-039007	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-629254	2024-09-10	vendor-advisory
Bulletin de sécurité Siemens SSA-765405	2024-09-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagMonitor toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 802.11 AX versions ant\u00e9rieures \u00e0 V2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V18 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.1 versions ant\u00e9rieures \u00e0 V4.1 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-200 SMART toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-43647.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V4.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1140R (6GT2831-6CB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF1170R (6GT2831-6BB00) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V19 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V17 versions ant\u00e9rieures \u00e0 V17 Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Information Server 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM SCC versions ant\u00e9rieures \u00e0 V10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC DiagBase toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-43647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43647"
    },
    {
      "name": "CVE-2024-37995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37995"
    },
    {
      "name": "CVE-2024-37990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37990"
    },
    {
      "name": "CVE-2024-37993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37993"
    },
    {
      "name": "CVE-2024-37991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37991"
    },
    {
      "name": "CVE-2023-30756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30756"
    },
    {
      "name": "CVE-2024-33698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33698"
    },
    {
      "name": "CVE-2024-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37992"
    },
    {
      "name": "CVE-2024-34057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34057"
    },
    {
      "name": "CVE-2023-30755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30755"
    },
    {
      "name": "CVE-2023-28827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28827"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2024-35783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35783"
    },
    {
      "name": "CVE-2024-38355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38355"
    },
    {
      "name": "CVE-2024-37994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37994"
    }
  ],
  "initial_release_date": "2024-09-10T00:00:00",
  "last_revision_date": "2024-09-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0757",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-721642",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-969738",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-673996",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-673996.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-773256",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-773256.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-423808",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-039007",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-629254",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-765405",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
    }
  ]
}

CNVD-2024-38025

Vulnerability from cnvd - Published: 2024-09-12

Title

Siemens User Management Component (UMC) 堆缓冲区溢出漏洞

Description

SIMATIC PCS neo是一个分布式控制系统（DCS）。SINEC NMS是面向数字企业的新一代网络管理系统（NMS）。该系统可用于集中监控、管理和配置网络。Totally Integrated Automation Portal (TIA Portal)是一款PC软件，提供对西门子全方位数字化自动化服务的访问，从数字规划和集成工程到透明操作。 User Management Component (UMC)是一个集成组件，可以在系统范围内对用户进行集中维护。 Siemens User Management Component (UMC) 存在堆缓冲区溢出漏洞，攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Siemens User Management Component (UMC) 堆缓冲区溢出漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Impacted products

Name
['Siemens SINEC NMS', 'Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18', 'Siemens SIMATIC PCS neo V4.0', 'Siemens SIMATIC Information Server 2022', 'Siemens SIMATIC PCS neo V4.1', 'Siemens SIMATIC PCS neo V5.0', 'Siemens Totally Integrated Automation Portal (TIA Portal) V19']

Name

['Siemens SINEC NMS', 'Siemens Totally Integrated Automation Portal (TIA Portal) V16', 'Siemens Totally Integrated Automation Portal (TIA Portal) V17', 'Siemens Totally Integrated Automation Portal (TIA Portal) V18', 'Siemens SIMATIC PCS neo V4.0', 'Siemens SIMATIC Information Server 2022', 'Siemens SIMATIC PCS neo V4.1', 'Siemens SIMATIC PCS neo V5.0', 'Siemens Totally Integrated Automation Portal (TIA Portal) V19']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-33698"
    }
  },
  "description": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\n\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-38025",
  "openTime": "2024-09-12",
  "patchDescription": "SIMATIC PCS neo\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\u3002SINEC NMS\u662f\u9762\u5411\u6570\u5b57\u4f01\u4e1a\u7684\u65b0\u4e00\u4ee3\u7f51\u7edc\u7ba1\u7406\u7cfb\u7edf\uff08NMS\uff09\u3002\u8be5\u7cfb\u7edf\u53ef\u7528\u4e8e\u96c6\u4e2d\u76d1\u63a7\u3001\u7ba1\u7406\u548c\u914d\u7f6e\u7f51\u7edc\u3002Totally Integrated Automation Portal (TIA Portal)\u662f\u4e00\u6b3ePC\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u5bf9\u897f\u95e8\u5b50\u5168\u65b9\u4f4d\u6570\u5b57\u5316\u81ea\u52a8\u5316\u670d\u52a1\u7684\u8bbf\u95ee\uff0c\u4ece\u6570\u5b57\u89c4\u5212\u548c\u96c6\u6210\u5de5\u7a0b\u5230\u900f\u660e\u64cd\u4f5c\u3002 User Management Component (UMC)\u662f\u4e00\u4e2a\u96c6\u6210\u7ec4\u4ef6\uff0c\u53ef\u4ee5\u5728\u7cfb\u7edf\u8303\u56f4\u5185\u5bf9\u7528\u6237\u8fdb\u884c\u96c6\u4e2d\u7ef4\u62a4\u3002\r\n\r\nSiemens User Management Component (UMC) \u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SINEC NMS",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V16",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V17",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V18",
      "Siemens SIMATIC PCS neo V4.0",
      "Siemens SIMATIC Information Server 2022",
      "Siemens SIMATIC PCS neo V4.1",
      "Siemens SIMATIC PCS neo V5.0",
      "Siemens Totally Integrated Automation Portal (TIA Portal) V19"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-09-12",
  "title": "Siemens User Management Component (UMC) \u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GHSA-5J8G-CMHW-G45P

Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30

Details

A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-33698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T10:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.",
  "id": "GHSA-5j8g-cmhw-g45p",
  "modified": "2024-09-10T12:30:37Z",
  "published": "2024-09-10T12:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33698"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-33698 (GCVE-0-2024-33698)

CVE-2024-33698

GSD-2024-33698

FKIE_CVE-2024-33698

CERTFR-2024-AVI-0757

Solutions

CNVD-2024-38025

GHSA-5J8G-CMHW-G45P

Tags

Sightings

Nomenclature