CVE-2024-54678

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo versions 4.1 through 6.0 SIMATIC S7-PLCSIM version 17 SIMATIC STEP 7 versions 17 through 20 SIMATIC WinCC versions 17 through 20 SIMOCODE ES versions 17 through 20 SIMOTION SCOUT TIA versions 5.4 through 5.7 SINAMICS Startdrive versions 17 through 20 SIRIUS Safety ES versions 17 through 20 (TIA Portal) SIRIUS Soft Starter ES versions 17 through 20 (TIA Portal) TIA Portal Cloud versions 17 through 20 TIA Portal Test Suite version 20 SIMATIC STEP 7 versions prior to 19 Update 4 SIMOTION SCOUT TIA versions prior to 5.6 SP1 HF7 TIA Portal Cloud versions prior to 5.2.1.1

Description: Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

Recommendations: SIMATIC PCS neo versions 4.1 through 6.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC S7-PLCSIM version 17: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC STEP 7 versions 17 through 20: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC WinCC versions 17 through 20: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMOCODE ES versions 17 through 20: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMOTION SCOUT TIA versions 5.4 through 5.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SINAMICS Startdrive versions 17 through 20: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIRIUS Safety ES versions 17 through 20 (TIA Portal): At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIRIUS Soft Starter ES versions 17 through 20 (TIA Portal): At the moment, there is no information about a newer version that contains a fix for this vulnerability. TIA Portal Cloud versions 17 through 20: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TIA Portal Test Suite version 20: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMATIC STEP 7 versions prior to 19 Update 4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. SIMOTION SCOUT TIA versions prior to 5.6 SP1 HF7: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TIA Portal Cloud versions prior to 5.2.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.