CVE-2024-49775
CVE-2024-49775
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.3EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
16 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.
This could allow an unauthenticated remote attacker to execute arbitrary code.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Siemens · Opcenter Execution FoundationSiemens · Opcenter IntelligenceSiemens · Opcenter QualitySiemens · Opcenter RDnLSiemens · SIMATIC PCS neo V4.0Siemens · SIMATIC PCS neo V4.1Siemens · SIMATIC PCS neo V5.0Siemens · SINEC NMSSiemens · Totally Integrated Automation Portal (TIA Portal) V16Siemens · Totally Integrated Automation Portal (TIA Portal) V17Siemens · Totally Integrated Automation Portal (TIA Portal) V18Siemens · Totally Integrated Automation Portal (TIA Portal) V19¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →