Heap-based Buffer Overflow in UMC Enables Remote Code Exec (CVE-2024-49775)
CVE-2024-49775 Published on December 16, 2024

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2024-49775

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-49775 are published in these products:

Siemens Opcenter Execution Foundation
 
Siemens Opcenter Intelligence
 
Siemens Opcenter Quality
 
Siemens Simatic Pcs Neo
 
Siemens Sinec Nms
 
Siemens Totally Integrated Automation Portal
 

Affected Versions

Siemens Opcenter Execution Foundation: Siemens Opcenter Intelligence: Siemens Opcenter Quality: Siemens Opcenter RDnL: Siemens SIMATIC PCS neo V4.0: Siemens SIMATIC PCS neo V4.1: Siemens SIMATIC PCS neo V5.0: Siemens SINEC NMS: Siemens Totally Integrated Automation Portal (TIA Portal) V16: Siemens Totally Integrated Automation Portal (TIA Portal) V17: Siemens Totally Integrated Automation Portal (TIA Portal) V18: Siemens Totally Integrated Automation Portal (TIA Portal) V19:

Exploit Probability

EPSS
2.68%
Percentile
85.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.