cvelistv5 - cve-2024-53832

CVE-2024-53832 (GCVE-0-2024-53832)

Vulnerability from cvelistv5

Published

2024-12-10 13:54

Modified

2025-11-03 20:48

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-522 - Insufficiently Protected Credentials

Summary

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/ssa-128393.html

Impacted products

	Vendor	Product	Version
	Siemens	CPCI85 Central Processing/Communication	Version: 0 < V05.30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:16:55.369787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T17:17:37.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:25.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Feb/19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "CPCI85 Central Processing/Communication",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V05.30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T13:54:14.682Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-53832",
    "datePublished": "2024-12-10T13:54:14.682Z",
    "dateReserved": "2024-11-22T14:39:32.052Z",
    "dateUpdated": "2025-11-03T20:48:25.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2025/Feb/19\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:48:25.060Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-53832\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-10T15:16:55.369787Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-10T15:17:07.852Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"CPCI85 Central Processing/Communication\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V05.30\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-128393.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-522\", \"description\": \"CWE-522: Insufficiently Protected Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2024-12-10T13:54:14.682Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-53832\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:48:25.060Z\", \"dateReserved\": \"2024-11-22T14:39:32.052Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-12-10T13:54:14.682Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2024-AVI-1062

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	TIA Portal Cloud V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIMATIC STEP 7 V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V17 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC WinCC Unified V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC S7-PLCSIM V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	SIMATIC STEP 7 Safety V19 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified V19 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	CPCI85 Central Processing/Communication versions antérieures à V05.30
Siemens	N/A	SIMATIC STEP 7 V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.
Siemens	N/A	TIA Portal Cloud V17 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	SIMATIC WinCC Unified V18 toutes versions pour la vulnérabilité CVE-2024-52051
Siemens	N/A	SIMATIC STEP 7 Safety V18 toutes versions pour la vulnérabilité CVE-2024-49849
Siemens	N/A	TIA Portal Cloud V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2024-49849.

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-800126	2024-12-10	vendor-advisory
Bulletin de sécurité Siemens SSA-392859	2024-12-10	vendor-advisory
Bulletin de sécurité Siemens SSA-128393	2024-12-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified PC Runtime V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified PC Runtime V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Soft Starter ES V19 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V18 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIRIUS Safety ES V17 (TIA Portal) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CPCI85 Central Processing/Communication versions ant\u00e9rieures \u00e0 V05.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V17 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Unified V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-52051",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 Safety V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-49849.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-52051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52051"
    },
    {
      "name": "CVE-2024-53832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53832"
    },
    {
      "name": "CVE-2024-49849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49849"
    }
  ],
  "initial_release_date": "2024-12-11T00:00:00",
  "last_revision_date": "2024-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1062",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-800126",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-392859",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-128393",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-53832 (GCVE-0-2024-53832)

Vulnerability from cvelistv5

CERTFR-2024-AVI-1062

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature