

Severity
Medium
Analysis Summary
CVE-2024-26275 CVSS:7.8
Siemens Parasolid could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. When the application parses specially crafted X_T files, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-26276 CVSS:5.3
Siemens Parasolid is vulnerable to a denial of service, caused by a stack exhaustion vulnerability. When the application parses specially crafted X_T files, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-26277 CVSS:3.3
Siemens Parasolid is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability. When the application parses specially crafted X_T files, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-50821 CVSS:6.2
Siemens SIMATIC WinCC is vulnerable to a denial of service, caused by improper input validation in the login dialog box. By sending a specially crafted input, a local attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-26275
- CVE-2024-26276
- CVE-2024-26277
- CVE-2023-50821
Affected Vendors
- Siemens
Affected Products
- Siemens Parasolid 35.1
- Siemens Parasolid 36.0
- Siemens SIMATIC WinCC 7.5
- Siemens SIMATIC PCS 7 9.1
- Siemens SIMATIC WinCC Runtime Professional 18
- Siemens SIMATIC WinCC Runtime Professional 19
- Siemens SIMATIC WinCC 8.0
- Siemens Parasolid 36.1
- Siemens SIMATIC WinCC Runtime Professional 17
Remediation
Refer to the Siemens Security Advisory for patch, upgrade, or suggested workaround information.