CVE-2024-54678

CVSS 8.2 · High EPSS 0.08% · P24 Updated Dec 09, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-54678

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2), TIA Portal Test Suite V20 (All versions < V20 Update 4). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

可信数据的反序列化

Source: NVD (National Vulnerability Database)

Vulnerability Title

Siemens多款产品代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Siemens SIMATIC PCS等都是德国西门子（Siemens）公司的产品。Siemens SIMATIC PCS是一套过程控制系统。Siemens SIMATIC S7-PLCSIM V17是一款PLC程序仿真软件。Siemens SIMATIC STEP 7是一款PLC程序仿真软件。 Siemens多款产品存在代码问题漏洞，该漏洞源于输入清理不当，可能导致执行任意代码。以下产品及版本受到影响：SIMATIC PCS V4.1、V5.0、V6.0、SIMATIC S7-PLCSIM V17、SI

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Siemens	SIMATIC PCS neo V4.1	0 ~ *	-
Siemens	SIMATIC PCS neo V5.0	0 ~ *	-
Siemens	SIMATIC PCS neo V6.0	0 ~ *	-
Siemens	SIMATIC S7-PLCSIM V17	0 ~ *	-
Siemens	SIMATIC STEP 7 V17	0 ~ V17 Update 9	-
Siemens	SIMATIC STEP 7 V18	0 ~ *	-
Siemens	SIMATIC STEP 7 V19	0 ~ V19 Update 4	-
Siemens	SIMATIC STEP 7 V20	0 ~ V20 Update 4	-
Siemens	SIMATIC WinCC V17	0 ~ V17 Update 9	-
Siemens	SIMATIC WinCC V18	0 ~ *	-
Siemens	SIMATIC WinCC V19	0 ~ V19 Update 4	-
Siemens	SIMATIC WinCC V20	0 ~ V20 Update 4	-
Siemens	SIMOCODE ES V17	0 ~ *	-
Siemens	SIMOCODE ES V18	0 ~ *	-
Siemens	SIMOCODE ES V19	0 ~ *	-
Siemens	SIMOCODE ES V20	0 ~ *	-
Siemens	SIMOTION SCOUT TIA V5.4	0 ~ *	-
Siemens	SIMOTION SCOUT TIA V5.5	0 ~ *	-
Siemens	SIMOTION SCOUT TIA V5.6	0 ~ V5.6 SP1 HF7	-
Siemens	SIMOTION SCOUT TIA V5.7	0 ~ *	-
Siemens	SINAMICS Startdrive V17	0 ~ *	-
Siemens	SINAMICS Startdrive V18	0 ~ *	-
Siemens	SINAMICS Startdrive V19	0 ~ *	-
Siemens	SINAMICS Startdrive V20	0 ~ *	-
Siemens	SIRIUS Safety ES V17 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Safety ES V18 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Safety ES V19 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Safety ES V20 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Soft Starter ES V17 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Soft Starter ES V18 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Soft Starter ES V19 (TIA Portal)	0 ~ *	-
Siemens	SIRIUS Soft Starter ES V20 (TIA Portal)	0 ~ *	-
Siemens	TIA Portal Cloud V17	0 ~ *	-
Siemens	TIA Portal Cloud V18	0 ~ *	-
Siemens	TIA Portal Cloud V19	0 ~ V5.2.1.1	-
Siemens	TIA Portal Cloud V20	0 ~ V5.2.2.2	-
Siemens	TIA Portal Test Suite V20	0 ~ V20 Update 4	-

II. Public POCs for CVE-2024-54678

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-54678

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-54678

Same Patch Batch · Siemens · 2025-08-12 · 28 CVEs total

CVE-2025-40746	9.1 CRITICAL	Siemens SIMATIC RTLS Locating Manager 输入验证错误漏洞
CVE-2025-40743	8.3 HIGH	Siemens多款产品安全漏洞
CVE-2025-30033	7.8 HIGH	Siemens多款产品代码问题漏洞
CVE-2025-40767	7.8 HIGH	Siemens SINEC Traffic Analyzer 安全漏洞
CVE-2025-40764	7.8 HIGH	Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2025-40762	7.8 HIGH	Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2025-40759	7.8 HIGH	Siemens多款产品代码问题漏洞
CVE-2025-40761	7.6 HIGH	Siemens多款产品安全漏洞
CVE-2024-52504	7.5 HIGH	Siemens多款产品代码问题漏洞
CVE-2025-40769	7.4 HIGH	Siemens SINEC Traffic Analyzer 安全漏洞
CVE-2025-40770	7.4 HIGH	Siemens SINEC Traffic Analyzer 安全漏洞
CVE-2025-40768	7.3 HIGH	Siemens SINEC Traffic Analyzer 信息泄露漏洞
CVE-2024-41979	7.1 HIGH	Siemens多款产品安全漏洞
CVE-2024-41986	6.4 MEDIUM	Siemens多款产品加密问题漏洞
CVE-2025-40751	6.3 MEDIUM	Siemens SIMATIC RTLS Locating Manager 安全漏洞
CVE-2025-30034	6.2 MEDIUM	Siemens SIMATIC RTLS Locating Manager 安全漏洞
CVE-2025-40753	6.2 MEDIUM	Siemens POWER METER SICAM Q100和Siemens POWER METER SICAM Q200 安全漏洞
CVE-2025-40752	6.2 MEDIUM	Siemens POWER METER SICAM Q100和Siemens POWER METER SICAM Q200 安全漏洞
CVE-2025-40766	5.5 MEDIUM	Siemens SINEC Traffic Analyzer 资源管理错误漏洞
CVE-2025-40584	5.5 MEDIUM	Siemens多款产品代码问题漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: SIMATIC PCS neo V4.1

Same vendor: Siemens

Same weakness: CWE-502

V. Comments for CVE-2024-54678

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-54678

I. Basic Information for CVE-2024-54678

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-54678

III. Intelligence Information for CVE-2024-54678

Same Patch Batch · Siemens · 2025-08-12 · 28 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-54678

Leave a comment