Siemens Opcenter/PCS neo/TIA Portal Heap Overflow in UMC (CVE-2024-33698)
CVE-2024-33698 Published on September 10, 2024

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2024-33698

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-33698 are published in these products:

Siemens Simatic Pcs Neo

Siemens Totally Integrated Automation Portal

Siemens Sinec Nms

Siemens Simatic Information Server

Affected Versions

Siemens Opcenter Quality:

Before V2406 is affected.

Siemens Opcenter RDnL:

Before V2410 is affected.

Siemens SIMATIC PCS neo V4.0:

Before * is affected.

Siemens SIMATIC PCS neo V4.1:

Before V4.1 Update 2 is affected.

Siemens SIMATIC PCS neo V5.0:

Before V5.0 Update 1 is affected.

Siemens SINEC NMS:

Before * is affected.

Siemens SINEMA Remote Connect Client:

Before V3.2 SP3 is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V16:

Before * is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V17:

Before V17 Update 8 is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V18:

Before V18 Update 5 is affected.

Siemens Totally Integrated Automation Portal (TIA Portal) V19:

Before V19 Update 3 is affected.

siemens simatic_pcs_neo:

Version 4.0 and below 4.1_update_2 is affected.

siemens simatic_information_server:

Before * is affected.

siemens totally_integrated_automation_portal:

Version 17 and below 17_update_8 is affected.

Exploit Probability

EPSS

3.29%

Percentile

86.96%