VDB

ICSA-24-347-05

ICSA-24-347-05 PUBLISHED CVSS 7.800000190734863 HIGH

Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. Siemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-49849. See the chapter "Additional Information" below for more details.

Risk Scores

CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

VendorProductVersions
SIMATIC STEP 7 V19
SIMATIC STEP 7 Safety V19
SIMATIC S7-PLCSIM V17
SIMOCODE ES V16
SIMATIC WinCC Unified V19
SIMATIC STEP 7 Safety V16
SIMATIC WinCC V17
SIMATIC STEP 7 Safety V17
SIMATIC STEP 7 Safety V18
SIMATIC S7-PLCSIM V16
SIMATIC STEP 7 V18
SIMATIC WinCC V16
SIMATIC STEP 7 V16
SIMATIC WinCC Unified V18
SIMATIC WinCC Unified V17
SIMATIC WinCC V19
SIMATIC STEP 7 V17
SIMATIC WinCC Unified V16
SIMATIC WinCC V18
SIMOCODE ES V17

Timeline

  • Dec 10, 2024 CVE Published
  • Aug 12, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›