CVE-2024-33698

Name of the Vulnerable Software and Affected Versions SIMATIC Information Server versions 2022 and 2024 SIMATIC PCS neo versions 4.0, 4.1 through 4.1 Update 2, and 5.0 SINEC NMS versions prior to the fixed version Totally Integrated Automation Portal (TIA Portal) versions 16, 17 through 17 Update 8, 18, and 19 through 19 Update 3 Opcenter Execution Foundation versions prior to the fixed version Opcenter Quality versions prior to the fixed version Opcenter RDL versions prior to the fixed version

Description The issue is related to a heap-based buffer overflow vulnerability in the integrated User Management Component (UMC) of various Siemens products. This could allow an unauthenticated remote attacker to execute arbitrary code. The vulnerability is considered critical and may have a significant impact on industrial control systems.

Recommendations For SIMATIC Information Server versions 2022 and 2024, update to a version that includes the fix for this vulnerability. For SIMATIC PCS neo version 4.0, update to a version that includes the fix for this vulnerability. For SIMATIC PCS neo version 4.1, update to version 4.1 Update 2 or later. For SIMATIC PCS neo version 5.0, update to a version that includes the fix for this vulnerability. For SINEC NMS, update to a version that includes the fix for this vulnerability. For Totally Integrated Automation Portal (TIA Portal) version 16, update to a version that includes the fix for this vulnerability. For Totally Integrated Automation Portal (TIA Portal) version 17, update to version 17 Update 8 or later. For Totally Integrated Automation Portal (TIA Portal) version 18, update to a version that includes the fix for this vulnerability. For Totally Integrated Automation Portal (TIA Portal) version 19, update to version 19 Update 3 or later. For Opcenter Execution Foundation, update to a version that includes the fix for this vulnerability. For Opcenter Quality, update to a version that includes the fix for this vulnerability. For Opcenter RDL, update to a version that includes the fix for this vulnerability.