CVE-2024-33698
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-26 CVE Reserved
- 2024-09-10 CVE Published
- 2025-03-11 CVE Updated
- 2025-05-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Opcenter Execution Foundation Search vendor "Siemens" for product "Opcenter Execution Foundation" | 0 Search vendor "Siemens" for product "Opcenter Execution Foundation" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Opcenter Quality Search vendor "Siemens" for product "Opcenter Quality" | 0 Search vendor "Siemens" for product "Opcenter Quality" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Opcenter RDL Search vendor "Siemens" for product "Opcenter RDL" | 0 Search vendor "Siemens" for product "Opcenter RDL" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SIMATIC PCS Neo V4.0 Search vendor "Siemens" for product "SIMATIC PCS Neo V4.0" | 0 Search vendor "Siemens" for product "SIMATIC PCS Neo V4.0" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | SINEC NMS Search vendor "Siemens" for product "SINEC NMS" | 0 Search vendor "Siemens" for product "SINEC NMS" and version "0" | en |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Totally Integrated Automation Portal (TIA Portal) V16 Search vendor "Siemens" for product "Totally Integrated Automation Portal (TIA Portal) V16" | 0 Search vendor "Siemens" for product "Totally Integrated Automation Portal (TIA Portal) V16" and version "0" | en |
Affected
| ||||||