CVE-2024-49775: A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All...
Description
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.
This could allow an unauthenticated remote attacker to execute arbitrary code.
Classification
CVE ID: CVE-2024-49775
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
Affected Products
Vendor: Siemens
Product: Opcenter Execution Foundation
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 40.72% (scored less or equal to compared to others)
EPSS Date: 2025-02-04 (when was this score calculated)