PT-2024-9692 · Siemens · Sinec Nms+6
Published: 2024-12-16 · Updated: 2025-02-04 · CVE-2024-49775
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Opcenter Execution Foundation versions prior to V5.0 Update 1
Opcenter Intelligence versions prior to V5.0 Update 1
Opcenter Quality versions prior to V5.0 Update 1
Opcenter RDL versions prior to V5.0 Update 1
SIMATIC PCS neo V4.0 versions prior to V5.0 Update 1
SIMATIC PCS neo V4.1 versions prior to V5.0 Update 1
SIMATIC PCS neo V5.0 versions prior to V5.0 Update 1
SINEC NMS versions prior to V2.15
Totally Integrated Automation Portal (TIA Portal) V16 versions prior to V5.0 Update 1
Totally Integrated Automation Portal (TIA Portal) V17 versions prior to V5.0 Update 1
Totally Integrated Automation Portal (TIA Portal) V18 versions prior to V5.0 Update 1
Totally Integrated Automation Portal (TIA Portal) V19 versions prior to V5.0 Update 1
Description
The integrated UMC component of the affected products contains a heap-based buffer overflow vulnerability. This could allow an unauthenticated remote attacker to execute arbitrary code. The vulnerability exposes systems to remote exploitation, potentially impacting industrial and enterprise environments.
Recommendations
For Opcenter Execution Foundation, update to a version that includes the fix for this issue.
For Opcenter Intelligence, update to a version that includes the fix for this issue.
For Opcenter Quality, update to a version that includes the fix for this issue.
For Opcenter RDL, update to a version that includes the fix for this issue.
For SIMATIC PCS neo V4.0, update to a version that includes the fix for this issue.
For SIMATIC PCS neo V4.1, update to a version that includes the fix for this issue.
For SIMATIC PCS neo V5.0, update to V5.0 Update 1 or later.
For SINEC NMS, update to V2.15 or later.
For Totally Integrated Automation Portal (TIA Portal) V16, update to a version that includes the fix for this issue.
For Totally Integrated Automation Portal (TIA Portal) V17, update to a version that includes the fix for this issue.
For Totally Integrated Automation Portal (TIA Portal) V18, update to a version that includes the fix for this issue.
For Totally Integrated Automation Portal (TIA Portal) V19, update to a version that includes the fix for this issue.
As a temporary workaround, consider filtering ports 4002 and 4004, and blocking port 4004 if RT servers are unused.
Fix
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Opcenter Execution Foundation
Opcenter Intelligence
Opcenter Quality
Opcenter Rd&L
Simatic Pcs Neo
Sinec Nms
Totally Integrated Automation Portal