VDB
ICSA-24-347-02
ICSA-24-347-02
PUBLISHED
CVSS 7.300000190734863 HIGH
Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available. Siemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter "Additional Information" below for more details.
Risk Scores
CVSS v3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIMATIC STEP 7 V18 | ||
| SIMOCODE ES V17 | ||
| SIMATIC S7-PLCSIM V18 | ||
| SIMATIC WinCC Unified V17 | ||
| SIMOCODE ES V19 | ||
| SIMOCODE ES V18 | ||
| SIMATIC STEP 7 V19 | ||
| SIMATIC WinCC V19 | ||
| SIMATIC WinCC Unified V18 | ||
| SIMATIC WinCC V18 | ||
| SIMOTION SCOUT TIA V5.4 | ||
| SIMATIC S7-PLCSIM V17 | ||
| SIMATIC STEP 7 Safety V17 | ||
| SIMATIC STEP 7 V17 | ||
| SIMATIC STEP 7 Safety V19 | ||
| SIMATIC WinCC Unified PC Runtime V18 | ||
| SIMATIC WinCC V17 | ||
| SIMATIC STEP 7 Safety V18 | ||
| SIMATIC WinCC Unified PC Runtime V19 | ||
| SIMATIC WinCC Unified V19 |
Timeline
- Dec 10, 2024 CVE Published
- Sep 25, 2025 PoC Published
- Dec 9, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-392859.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-392859.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-347-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-02 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://support.industry.siemens.com/cs/ww/en/view/109784441/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109925643/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109989067/ fix