216.73.217.64

CVE-2024-54678

· Published 12/08/2025 12:15 · Modified 12/08/2025 14:25

Labels: CVE-2024-54678 2025-08-12CVE-2024-54678CWE-502[email protected]

Essential information

Published
12/08/2025 12:15
Modified
12/08/2025 14:25
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / simatic pcs neo cpe:2.3:a:siemens:simatic_pcs_neo:4.1:*:*:*:*:*:*:*
siemens / simatic pcs neo cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*
siemens / simatic pcs neo cpe:2.3:a:siemens:simatic_pcs_neo:6.0:*:*:*:*:*:*:*
siemens / simatic s7 plcsim cpe:2.3:a:siemens:simatic_s7_plcsim:17:*:*:*:*:*:*:*
siemens / simatic step 7 cpe:2.3:a:siemens:simatic_step_7:17:*:*:*:*:*:*:*
siemens / simatic step 7 cpe:2.3:a:siemens:simatic_step_7:18:*:*:*:*:*:*:*
siemens / simatic step 7 cpe:2.3:a:siemens:simatic_step_7:19:<19.0:*:*:*:*:*:*
siemens / simatic step 7 cpe:2.3:a:siemens:simatic_step_7:20:*:*:*:*:*:*:*
siemens / simatic wincc cpe:2.3:a:siemens:simatic_wincc:17:*:*:*:*:*:*:*
siemens / simatic wincc cpe:2.3:a:siemens:simatic_wincc:18:*:*:*:*:*:*:*
siemens / simatic wincc cpe:2.3:a:siemens:simatic_wincc:19:<19.0:*:*:*:*:*:*
siemens / simatic wincc cpe:2.3:a:siemens:simatic_wincc:20:*:*:*:*:*:*:*
siemens / symocode es cpe:2.3:a:siemens:symocode_es:17:*:*:*:*:*:*:*
siemens / symocode es cpe:2.3:a:siemens:symocode_es:18:*:*:*:*:*:*:*
siemens / symocode es cpe:2.3:a:siemens:symocode_es:19:*:*:*:*:*:*:*
siemens / symocode es cpe:2.3:a:siemens:symocode_es:20:*:*:*:*:*:*:*
siemens / s-motion scout tia cpe:2.3:a:siemens:s-motion_scout_tia:5.4:*:*:*:*:*:*:*
siemens / s-motion scout tia cpe:2.3:a:siemens:s-motion_scout_tia:5.5:*:*:*:*:*:*:*
siemens / s-motion scout tia cpe:2.3:a:siemens:s-motion_scout_tia:5.6:<5.6.SP1.HF7:*:*:*:*:*:*
siemens / s-motion scout tia cpe:2.3:a:siemens:s-motion_scout_tia:5.7:*:*:*:*:*:*:*
siemens / sinamics startdrive cpe:2.3:a:siemens:sinamics_startdrive:17:*:*:*:*:*:*:*
siemens / sinamics startdrive cpe:2.3:a:siemens:sinamics_startdrive:18:*:*:*:*:*:*:*
siemens / sinamics startdrive cpe:2.3:a:siemens:sinamics_startdrive:19:*:*:*:*:*:*:*
siemens / sinamics startdrive cpe:2.3:a:siemens:sinamics_startdrive:20:*:*:*:*:*:*:*
siemens / sirius safety es cpe:2.3:a:siemens:sirius_safety_es:17:*:tia_portal:*:*:*:*:*:*
siemens / sirius safety es cpe:2.3:a:siemens:sirius_safety_es:18:*:tia_portal:*:*:*:*:*:*
siemens / sirius safety es cpe:2.3:a:siemens:sirius_safety_es:19:*:tia_portal:*:*:*:*:*:*
siemens / sirius safety es cpe:2.3:a:siemens:sirius_safety_es:20:*:tia_portal:*:*:*:*:*:*
siemens / sirius soft starter es cpe:2.3:a:siemens:sirius_soft_starter_es:17:*:tia_portal:*:*:*:*:*:*
siemens / sirius soft starter es cpe:2.3:a:siemens:sirius_soft_starter_es:18:*:tia_portal:*:*:*:*:*:*
siemens / sirius soft starter es cpe:2.3:a:siemens:sirius_soft_starter_es:19:*:tia_portal:*:*:*:*:*:*
siemens / sirius soft starter es cpe:2.3:a:siemens:sirius_soft_starter_es:20:*:tia_portal:*:*:*:*:*:*
siemens / tia portal cloud cpe:2.3:a:siemens:tia_portal_cloud:17:*:*:*:*:*:*:*
siemens / tia portal cloud cpe:2.3:a:siemens:tia_portal_cloud:18:*:*:*:*:*:*:*
siemens / tia portal cloud cpe:2.3:a:siemens:tia_portal_cloud:19:<5.2.1.1:*:*:*:*:*:*
siemens / tia portal cloud cpe:2.3:a:siemens:tia_portal_cloud:20:*:*:*:*:*:*:*
siemens / tia portal test suite cpe:2.3:a:siemens:tia_portal_test_suite:20:*:*:*:*:*:*:*

References