VDB
ICSA-25-044-10
ICSA-25-044-10
PUBLISHED
CVSS 6.699999809265137 MEDIUM
Questa and ModelSim (incl. OEM Editions) are affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS v3.1
6.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Questa | ||
| ModelSim |
Timeline
- Feb 11, 2025 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-637914.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-637914.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-044-10.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-10 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url