CVE-2024-52051

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 20

Summary

CVE-2024-52051 is a newly identified vulnerability that affects multiple Siemens software and runtime systems. The affected products include various versions of SIMATIC S7-PLCSIM, STEP 7 Safety, WinCC, SIMOCODE ES, SIMOTION SCOUT TIA, Startdrive, and SIRIUS Safety ES, as well as TIA Portal Cloud. These software applications do not adequately sanitize user-controllable input when parsing user settings, creating a risk for local arbitrary command execution in the host operating system. Attackers can potentially exploit this weakness to gain elevated privileges, potentially causing significant damage to industrial processes or systems connected to these applications. Users are strongly advised to update their software to the latest, secure versions as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share