ModelSim/Questa vsimk.exe Auth Code Exec via Tcl Load (pre-V2025.2)
CVE-2024-47196 Published on October 8, 2024
A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2024-47196 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2024-47196
stack.watch emails you whenever new vulnerabilities are published in Siemens Modelsim or Siemens Questa. Just hit a watch button to start following.
Affected Versions
Siemens ModelSim:- Before V2025.2 is affected.
- Before V2025.2 is affected.
- Before 2024.3 is affected.
- Before 2024.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.