CVE-2024-54678 (CNNVD-202508-1026)

HIGH
中文标题:
Siemens多款产品 代码问题漏洞
英文标题:
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (Al...
CVSS分数: 8.6
发布时间: 2025-08-12 11:16:53
漏洞类型: 代码问题
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v3
漏洞描述
中文描述:

Siemens SIMATIC STEP等都是德国西门子(Siemens)公司的产品。Siemens SIMATIC STEP是用于配置和编程 SIMATIC 控制器的综合工程工具。Siemens SIMATIC PCS neo是一个分布式控制系统。Siemens SIMATIC STEP 7是一款PLC程序仿真软件。 Siemens多款产品存在代码问题漏洞,该漏洞源于输入清理不当,可能导致执行任意代码。以下产品及版本受到影响:SIMATIC PCS V4.1、V5.0、V6.0、SIMATIC S7-PLCSIM V17、SIMATIC STEP 7 V17、V18、V19、V20、SIMATIC WinCC V17、V18、V19、V20、SIMOCODE ES V17、V18、V19、V20、SIMOTION SCOUT TIA V5.4、V5.5、V5.6、V5.7、SINAMICS Startdrive V17、V18、V19、V20、SIRIUS Safety ES V17、V18、V19、V20、SIRIUS Soft Starter ES V17、V18、V19、V20、TIA Portal Cloud V17、V18、V19、V20和TIA Portal Test Suite V20。

英文描述:

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2), TIA Portal Test Suite V20 (All versions < V20 Update 4). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

CWE类型:
CWE-502
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Siemens SIMATIC PCS neo V4.1 - < * - cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*
Siemens SIMATIC PCS neo V5.0 - < * - cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*
Siemens SIMATIC PCS neo V6.0 - < * - cpe:2.3:a:siemens:simatic_pcs_neo_v6.0:*:*:*:*:*:*:*:*
Siemens SIMATIC S7-PLCSIM V17 - < * - cpe:2.3:a:siemens:simatic_s7-plcsim_v17:*:*:*:*:*:*:*:*
Siemens SIMATIC STEP 7 V17 - < * - cpe:2.3:a:siemens:simatic_step_7_v17:*:*:*:*:*:*:*:*
Siemens SIMATIC STEP 7 V18 - < * - cpe:2.3:a:siemens:simatic_step_7_v18:*:*:*:*:*:*:*:*
Siemens SIMATIC STEP 7 V19 - < V19 Update 4 - cpe:2.3:a:siemens:simatic_step_7_v19:*:*:*:*:*:*:*:*
Siemens SIMATIC STEP 7 V20 - < V20 Update 4 - cpe:2.3:a:siemens:simatic_step_7_v20:*:*:*:*:*:*:*:*
Siemens SIMATIC WinCC V17 - < * - cpe:2.3:a:siemens:simatic_wincc_v17:*:*:*:*:*:*:*:*
Siemens SIMATIC WinCC V18 - < * - cpe:2.3:a:siemens:simatic_wincc_v18:*:*:*:*:*:*:*:*
Siemens SIMATIC WinCC V19 - < V19 Update 4 - cpe:2.3:a:siemens:simatic_wincc_v19:*:*:*:*:*:*:*:*
Siemens SIMATIC WinCC V20 - < V20 Update 4 - cpe:2.3:a:siemens:simatic_wincc_v20:*:*:*:*:*:*:*:*
Siemens SIMOCODE ES V17 - < * - cpe:2.3:a:siemens:simocode_es_v17:*:*:*:*:*:*:*:*
Siemens SIMOCODE ES V18 - < * - cpe:2.3:a:siemens:simocode_es_v18:*:*:*:*:*:*:*:*
Siemens SIMOCODE ES V19 - < * - cpe:2.3:a:siemens:simocode_es_v19:*:*:*:*:*:*:*:*
Siemens SIMOCODE ES V20 - < * - cpe:2.3:a:siemens:simocode_es_v20:*:*:*:*:*:*:*:*
Siemens SIMOTION SCOUT TIA V5.4 - < * - cpe:2.3:a:siemens:simotion_scout_tia_v5.4:*:*:*:*:*:*:*:*
Siemens SIMOTION SCOUT TIA V5.5 - < * - cpe:2.3:a:siemens:simotion_scout_tia_v5.5:*:*:*:*:*:*:*:*
Siemens SIMOTION SCOUT TIA V5.6 - < V5.6 SP1 HF7 - cpe:2.3:a:siemens:simotion_scout_tia_v5.6:*:*:*:*:*:*:*:*
Siemens SIMOTION SCOUT TIA V5.7 - < * - cpe:2.3:a:siemens:simotion_scout_tia_v5.7:*:*:*:*:*:*:*:*
Siemens SINAMICS Startdrive V17 - < * - cpe:2.3:a:siemens:sinamics_startdrive_v17:*:*:*:*:*:*:*:*
Siemens SINAMICS Startdrive V18 - < * - cpe:2.3:a:siemens:sinamics_startdrive_v18:*:*:*:*:*:*:*:*
Siemens SINAMICS Startdrive V19 - < * - cpe:2.3:a:siemens:sinamics_startdrive_v19:*:*:*:*:*:*:*:*
Siemens SINAMICS Startdrive V20 - < * - cpe:2.3:a:siemens:sinamics_startdrive_v20:*:*:*:*:*:*:*:*
Siemens SIRIUS Safety ES V17 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_safety_es_v17_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Safety ES V18 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_safety_es_v18_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Safety ES V19 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_safety_es_v19_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Safety ES V20 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_safety_es_v20_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Soft Starter ES V17 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_soft_starter_es_v17_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Soft Starter ES V18 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_soft_starter_es_v18_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Soft Starter ES V19 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_soft_starter_es_v19_(tia_portal):*:*:*:*:*:*:*:*
Siemens SIRIUS Soft Starter ES V20 (TIA Portal) - < * - cpe:2.3:a:siemens:sirius_soft_starter_es_v20_(tia_portal):*:*:*:*:*:*:*:*
Siemens TIA Portal Cloud V17 - < * - cpe:2.3:a:siemens:tia_portal_cloud_v17:*:*:*:*:*:*:*:*
Siemens TIA Portal Cloud V18 - < * - cpe:2.3:a:siemens:tia_portal_cloud_v18:*:*:*:*:*:*:*:*
Siemens TIA Portal Cloud V19 - < V5.2.1.1 - cpe:2.3:a:siemens:tia_portal_cloud_v19:*:*:*:*:*:*:*:*
Siemens TIA Portal Cloud V20 - < V5.2.2.2 - cpe:2.3:a:siemens:tia_portal_cloud_v20:*:*:*:*:*:*:*:*
Siemens TIA Portal Test Suite V20 - < V20 Update 4 - cpe:2.3:a:siemens:tia_portal_test_suite_v20:*:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
CVSS评分详情
3.1 (cna)
HIGH
8.2
CVSS向量: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
4.0 (cna)
HIGH
8.6
CVSS向量: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
后续系统影响 (Subsequent):
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2025-08-12 11:16:53
修改时间:
2025-10-14 09:15:07
创建时间:
2025-11-11 15:39:51
更新时间:
2026-01-12 02:27:18
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2024-54678 2025-11-11 15:22:52 2025-11-11 07:39:51
NVD nvd_CVE-2024-54678 2025-11-11 15:00:21 2025-11-11 07:47:44
CNNVD cnnvd_CNNVD-202508-1026 2025-11-11 15:12:53 2025-11-11 08:00:04
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 16:00:04
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-202508-1026; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码问题
  • cnnvd_id: 未提取 -> CNNVD-202508-1026
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:47:44
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']