ssa-392859
Vulnerability from csaf_siemens
Published
2024-12-10 00:00
Modified
2025-08-12 00:00
Summary
SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20
Notes
Summary
Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
Siemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter "Additional Information" below for more details.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.\n\nSiemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter \"Additional Information\" below for more details.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
},
{
"category": "self",
"summary": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-392859.json"
}
],
"title": "SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-392859",
"initial_release_date": "2024-12-10T00:00:00Z",
"revision_history": [
{
"date": "2024-12-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Totally Integrated Automation Portal (TIA Portal) V19; Name of SIMOTION SCOUT TIA V5.6 SP1 was updated to SIMOTION SCOUT TIA V5.6 and Name of SIMOTION SCOUT TIA V5.5 SP1 was updated to SIMOTION SCOUT TIA V5.5 and Name of SIMOTION SCOUT TIA V5.4 SP3 was updated to SIMOTION SCOUT TIA V5.4"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-PLCSIM V17",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-PLCSIM V18",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-PLCSIM V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 Safety V17",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 Safety V18",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC STEP 7 Safety V19",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 Safety V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 V17",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC STEP 7 V18",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC STEP 7 V19",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIMATIC STEP 7 V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V18",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC WinCC Unified PC Runtime V19",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified PC Runtime V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified V17",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC Unified V18",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC WinCC Unified V19",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC Unified V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC V17",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC WinCC V18",
"product_id": "15"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V19 Update 4",
"product": {
"name": "SIMATIC WinCC V19",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "SIMATIC WinCC V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V17",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V18",
"product_id": "18"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOCODE ES V19",
"product_id": "19"
}
}
],
"category": "product_name",
"name": "SIMOCODE ES V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOTION SCOUT TIA V5.4",
"product_id": "20"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMOTION SCOUT TIA V5.5",
"product_id": "21"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions \u003c V5.6 SP1 HF7",
"product": {
"name": "SIMOTION SCOUT TIA V5.6",
"product_id": "22"
}
}
],
"category": "product_name",
"name": "SIMOTION SCOUT TIA V5.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V17",
"product_id": "23"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V18",
"product_id": "24"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINAMICS Startdrive V19",
"product_id": "25"
}
}
],
"category": "product_name",
"name": "SINAMICS Startdrive V19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V17 (TIA Portal)",
"product_id": "26"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V18 (TIA Portal)",
"product_id": "27"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Safety ES V19 (TIA Portal)",
"product_id": "28"
}
}
],
"category": "product_name",
"name": "SIRIUS Safety ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"product_id": "29"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V17 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)",
"product_id": "30"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V18 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)",
"product_id": "31"
}
}
],
"category": "product_name",
"name": "SIRIUS Soft Starter ES V19 (TIA Portal)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "TIA Portal Cloud V17",
"product_id": "32"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "TIA Portal Cloud V18",
"product_id": "33"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c5.2.1.1",
"product": {
"name": "TIA Portal Cloud V19",
"product_id": "34"
}
}
],
"category": "product_name",
"name": "TIA Portal Cloud V19"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-52051",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34"
]
},
"remediations": [
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1",
"2",
"3",
"4",
"6",
"7",
"9",
"11",
"12",
"14",
"15",
"17",
"18",
"19",
"20",
"21",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33"
]
},
{
"category": "vendor_fix",
"details": "Update to V19 Update 4 or later version",
"product_ids": [
"5",
"8",
"10",
"13",
"16"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109925643/"
},
{
"category": "vendor_fix",
"details": "Update to V5.6 SP1 HF7 or later version",
"product_ids": [
"22"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109989067/"
},
{
"category": "vendor_fix",
"details": "TIA Portal Cloud V5.2.1.1 or later version updated TIA Portal to V19 Update 4 or later version",
"product_ids": [
"34"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29",
"30",
"31",
"32",
"33",
"34"
]
}
],
"title": "CVE-2024-52051"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…