Sign-up

ID

VAR-202409-0293


CVE

CVE-2024-33698


TITLE

Siemens User Management Component (UMC) Heap Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-38025

DESCRIPTION

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. SIMATIC PCS neo is a distributed control system (DCS). SINEC NMS is a new generation of network management system (NMS) for digital enterprises. The system can be used to centrally monitor, manage and configure networks. Totally Integrated Automation Portal (TIA Portal) is a PC software that provides access to Siemens' full range of digital automation services, from digital planning and integrated engineering to transparent operation. User Management Component (UMC) is an integrated component that enables centralized maintenance of users across the system

Trust: 1.44

sources: NVD: CVE-2024-33698 // CNVD: CNVD-2024-38025

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38025

AFFECTED PRODUCTS

vendor:siemensmodel:sinec nmsscope: - version: -

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v16

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v17

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v18

Trust: 0.6

vendor:siemensmodel:simatic pcs neoscope:eqversion:v4.0

Trust: 0.6

vendor:siemensmodel:simatic information serverscope:eqversion:2022

Trust: 0.6

vendor:siemensmodel:simatic pcs neoscope:eqversion:v4.1

Trust: 0.6

vendor:siemensmodel:simatic pcs neoscope:eqversion:v5.0

Trust: 0.6

vendor:siemensmodel:totally integrated automation portalscope:eqversion:v19

Trust: 0.6

sources: CNVD: CNVD-2024-38025

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-33698
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-38025
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-38025
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-33698
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-38025 // NVD: CVE-2024-33698

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

sources: NVD: CVE-2024-33698

PATCH

title:Patch for Siemens User Management Component (UMC) Heap Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/590261

Trust: 0.6

sources: CNVD: CNVD-2024-38025

EXTERNAL IDS

db:SIEMENSid:SSA-039007

Trust: 1.6

db:NVDid:CVE-2024-33698

Trust: 1.6

db:CNVDid:CNVD-2024-38025

Trust: 0.6

sources: CNVD: CNVD-2024-38025 // NVD: CVE-2024-33698

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-039007.html

Trust: 1.6

sources: CNVD: CNVD-2024-38025 // NVD: CVE-2024-33698

SOURCES

db:CNVDid:CNVD-2024-38025
db:NVDid:CVE-2024-33698

LAST UPDATE DATE

2024-11-12T23:18:04.812000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-38025date:2024-09-12T00:00:00
db:NVDid:CVE-2024-33698date:2024-11-12T13:15:07.653

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-38025date:2024-09-12T00:00:00
db:NVDid:CVE-2024-33698date:2024-09-10T10:15:09.707