Siemens Engineering Platforms

Source: All CISA Advisories | Added:

Siemens has reported a vulnerability affecting multiple engineering platforms that could allow local authenticated attackers to execute arbitrary code due to improper handling of untrusted data. The vulnerability, identified as CVE-2024-54678, has a CVSS score of 8.2, indicating a high risk level.

---

Impact: Siemens SIMATIC PCS neo, Siemens SIMATIC WinCC, Siemens SIMOCODE ES, Siemens SIMOTION SCOUT TIA, Siemens SINAMICS Startdrive, Siemens SIRIUS Safety ES, Siemens SIRIUS Soft Starter, Siemens TIA Portal Cloud, Siemens SIMATIC STEP 7

In the Wild: Unknown

Age: Newly disclosed

Remediation: Execute affected software on Windows hosts with a single user configured; restrict access on server systems to administrators only.

Read Full Original Article →