Local Privilege Escalation via DLL in vish2.exe (ModelSim/Questa < V2024.3)
CVE-2024-47194 Published on October 8, 2024
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2024-47194 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2024-47194
stack.watch emails you whenever new vulnerabilities are published in Siemens Modelsim or Siemens Questa. Just hit a watch button to start following.
Affected Versions
Siemens ModelSim:- Before V2024.3 is affected.
- Before V2024.3 is affected.
- Before 2024.3 is affected.
- Before 2024.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.