CVE-2024-49849
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-49849 is a critical vulnerability affecting multiple Siemens software versions, including SIMATIC S7-PLCSIM, SIMATIC STEP 7 Safety, WinCC, SIMOCODE ES, SIMOTION SCOUT TIA, SIRIUS Safety ES, and TIA Portal Cloud. The issue lies in the inadequate sanitization of user-controllable input when processing log files, enabling type confusion and arbitrary code execution by attackers. This affects the following software versions: SIMATIC S7-PLCSIM V16 to V19, SIMATIC STEP 7 Safety V16 to V19, SIMATIC WinCC V16 to V19, SIMOTION SCOUT TIA V5.4 SP1 to V5.6 SP1, SINAMICS Startdrive V16 to V19, SIRIUS Safety ES V17 to V19, SIRIUS Soft Starter ES V17 to V19, TIA Portal Cloud V16 to V19.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.