SSA-392859
PUBLISHED
CVSS 7.3 HIGH
The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.
Risk Scores
CVSS 3.1
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIMOCODE ES V19 | |
| Siemens | TIA Portal Cloud V19 | |
| Siemens | SIMOCODE ES V17 | |
| Siemens | SIRIUS Safety ES V18 (TIA Portal) | |
| Siemens | SIRIUS Safety ES V19 (TIA Portal) | |
| Siemens | SIMATIC WinCC Unified V18 | |
| Siemens | SIMATIC WinCC Unified PC Runtime V19 | |
| Siemens | SIMATIC S7-PLCSIM V17 | |
| Siemens | SIMATIC STEP 7 V19 | |
| Siemens | SINAMICS Startdrive V17 | |
| Siemens | SIMOTION SCOUT TIA V5.5 | |
| Siemens | SIRIUS Soft Starter ES V18 (TIA Portal) | |
| Siemens | SIRIUS Soft Starter ES V17 (TIA Portal) | |
| Siemens | SIMATIC STEP 7 V18 | |
| Siemens | SIMATIC WinCC V18 | |
| Siemens | SIMATIC WinCC Unified PC Runtime V18 | |
| Siemens | SIMATIC WinCC Unified V17 | |
| Siemens | TIA Portal Cloud V17 | |
| Siemens | SIMOTION SCOUT TIA V5.4 | |
| Siemens | SIMATIC WinCC V19 | |
…and 14 more
Timeline
- Dec 10, 2024 CVE Published
- Dec 9, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-392859.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-392859.html advisory
- https://support.industry.siemens.com/cs/ww/en/view/109784441/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109925643/ patch
- https://support.industry.siemens.com/cs/ww/en/view/109989067/ patch