Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-52051

CVSS 7.3 · High EPSS 0.10% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-52051

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions < V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC WinCC和Siemens SIMATIC STEP 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC WinCC和Siemens SIMATIC STEP都是德国西门子(Siemens)公司的产品。Siemens SIMATIC WinCC是一套自动化的数据采集与监控(SCADA)系统。Siemens SIMATIC STEP是用于配置和编程 SIMATIC 控制器的综合工程工具。 Siemens SIMATIC WinCC和Siemens SIMATIC STEP存在输入验证错误漏洞,该漏洞源于受影响的设备在解析用户设置时无法正确清理用户可控制的输入。攻击者利用该漏洞可以
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensSIMATIC S7-PLCSIM V17 0 ~ * -
SiemensSIMATIC S7-PLCSIM V18 0 ~ * -
SiemensSIMATIC STEP 7 Safety V17 0 ~ V17 Update 9 -
SiemensSIMATIC STEP 7 Safety V18 0 ~ * -
SiemensSIMATIC STEP 7 Safety V19 0 ~ V19 Update 4 -
SiemensSIMATIC STEP 7 V17 0 ~ V17 Update 9 -
SiemensSIMATIC STEP 7 V18 0 ~ * -
SiemensSIMATIC STEP 7 V19 0 ~ V19 Update 4 -
SiemensSIMATIC WinCC Unified PC Runtime V18 0 ~ * -
SiemensSIMATIC WinCC Unified PC Runtime V19 0 ~ V19 Update 4 -
SiemensSIMATIC WinCC Unified V17 0 ~ V17 Update 9 -
SiemensSIMATIC WinCC Unified V18 0 ~ * -
SiemensSIMATIC WinCC Unified V19 0 ~ V19 Update 4 -
SiemensSIMATIC WinCC V17 0 ~ V17 Update 9 -
SiemensSIMATIC WinCC V18 0 ~ * -
SiemensSIMATIC WinCC V19 0 ~ V19 Update 4 -
SiemensSIMOCODE ES V17 0 ~ * -
SiemensSIMOCODE ES V18 0 ~ * -
SiemensSIMOCODE ES V19 0 ~ * -
SiemensSIMOTION SCOUT TIA V5.4 0 ~ * -
SiemensSIMOTION SCOUT TIA V5.5 0 ~ * -
SiemensSIMOTION SCOUT TIA V5.6 0 ~ V5.6 SP1 HF7 -
SiemensSINAMICS Startdrive V17 0 ~ * -
SiemensSINAMICS Startdrive V18 0 ~ * -
SiemensSINAMICS Startdrive V19 0 ~ * -
SiemensSIRIUS Safety ES V17 (TIA Portal) 0 ~ * -
SiemensSIRIUS Safety ES V18 (TIA Portal) 0 ~ * -
SiemensSIRIUS Safety ES V19 (TIA Portal) 0 ~ * -
SiemensSIRIUS Soft Starter ES V17 (TIA Portal) 0 ~ * -
SiemensSIRIUS Soft Starter ES V18 (TIA Portal) 0 ~ * -
SiemensSIRIUS Soft Starter ES V19 (TIA Portal) 0 ~ * -
SiemensTIA Portal Cloud V17 0 ~ * -
SiemensTIA Portal Cloud V18 0 ~ * -
SiemensTIA Portal Cloud V19 0 ~ V5.2.1.1 -

II. Public POCs for CVE-2024-52051

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-52051

登录查看更多情报信息。

Same Patch Batch · Siemens · 2024-12-10 · 12 CVEs total

CVE-2020-283988.8 HIGHSiemens RUGGEDCOM 安全漏洞
CVE-2024-540957.8 HIGHSiemens Solid Edge 数字错误漏洞
CVE-2024-540947.8 HIGHSiemens Solid Edge 安全漏洞
CVE-2024-540937.8 HIGHSiemens Solid Edge 安全漏洞
CVE-2024-540917.8 HIGHSiemens Parasolid 缓冲区错误漏洞
CVE-2024-532427.8 HIGHSiemens Teamcenter Visualization和Siemens Tecnomatix Plant Simulation 缓冲区错误漏洞
CVE-2024-530417.8 HIGHSiemens Teamcenter Visualization和Siemens Tecnomatix Plant Simulation 安全漏洞
CVE-2024-498497.8 HIGHSiemens SIMATIC WinCC和Siemens SIMATIC STEP 代码问题漏洞
CVE-2024-497045.5 MEDIUMSiemens Comos 代码问题漏洞
CVE-2024-540055.1 MEDIUMSiemens Comos 代码问题漏洞
CVE-2024-538324.6 MEDIUMSiemens CPCI85 Central Processing 安全漏洞

IV. Related Vulnerabilities

Same product: SIMATIC S7-PLCSIM V17
Same vendor: Siemens
Same weakness: CWE-20

V. Comments for CVE-2024-52051

No comments yet

Leave a comment