SSA-392859

Siemens Security Advisory by Siemens ProductCERT

SSA-392859: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20

Publication Date:	2024-12-10
Last Update:	2025-08-12
Current Version:	V1.1
CVSS v3.1 Base Score:	7.3
CVSS v4.0 Base Score:	7.0

SUMMARY

Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

Siemens has released products based on the Totally Integrated Automation Portal (TIA Portal) V20 which are not affected by CVE-2024-52051. See the chapter "Additional Information" below for more details.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC S7-PLCSIM	Show more details
SIMATIC S7-PLCSIM V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC S7-PLCSIM V18 All versions affected by CVE-2024-52051	Currently no fix is available
Totally Integrated Automation Portal (TIA Portal)	Show more details
Totally Integrated Automation Portal (TIA Portal) V17	Show more details
SIMATIC STEP 7 Safety V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC STEP 7 V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC WinCC Unified V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC WinCC V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIMOCODE ES V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIMOTION SCOUT TIA V5.4 All versions affected by CVE-2024-52051	Currently no fix is available
SINAMICS Startdrive V17 All versions affected by CVE-2024-52051	Currently no fix is available
SIRIUS Safety ES V17 (TIA Portal) All versions affected by CVE-2024-52051	Currently no fix is available
SIRIUS Soft Starter ES V17 (TIA Portal) All versions affected by CVE-2024-52051	Currently no fix is available
TIA Portal Cloud V17 All versions affected by CVE-2024-52051	Currently no fix is available
Totally Integrated Automation Portal (TIA Portal) V18	Show more details
SIMATIC STEP 7 Safety V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC STEP 7 V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC WinCC Unified PC Runtime V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC WinCC Unified V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIMATIC WinCC V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIMOCODE ES V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIMOTION SCOUT TIA V5.5 All versions affected by CVE-2024-52051	Currently no fix is available
SINAMICS Startdrive V18 All versions affected by CVE-2024-52051	Currently no fix is available
SIRIUS Safety ES V18 (TIA Portal) All versions affected by CVE-2024-52051	Currently no fix is available
SIRIUS Soft Starter ES V18 (TIA Portal) All versions affected by CVE-2024-52051	Currently no fix is available
TIA Portal Cloud V18 All versions affected by CVE-2024-52051	Currently no fix is available
Totally Integrated Automation Portal (TIA Portal) V19	Show more details
SIMATIC STEP 7 Safety V19 All versions < V19 Update 4 affected by CVE-2024-52051	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/
SIMATIC STEP 7 V19 All versions < V19 Update 4 affected by CVE-2024-52051	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/
SIMATIC WinCC Unified PC Runtime V19 All versions < V19 Update 4 affected by CVE-2024-52051	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/
SIMATIC WinCC Unified V19 All versions < V19 Update 4 affected by CVE-2024-52051	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/
SIMATIC WinCC V19 All versions < V19 Update 4 affected by CVE-2024-52051	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/
SIMOCODE ES V19 All versions affected by CVE-2024-52051	Currently no fix is available
SIMOTION SCOUT TIA V5.6 All versions < V5.6 SP1 HF7 affected by CVE-2024-52051	Update to V5.6 SP1 HF7 or later version https://support.industry.siemens.com/cs/ww/en/view/109989067/
SINAMICS Startdrive V19 All versions affected by CVE-2024-52051	Currently no fix is available
SIRIUS Safety ES V19 (TIA Portal) All versions affected by CVE-2024-52051	Currently no fix is available
SIRIUS Soft Starter ES V19 (TIA Portal) All versions affected by CVE-2024-52051	Currently no fix is available
TIA Portal Cloud V19 All versions < V5.2.1.1 affected by CVE-2024-52051	TIA Portal Cloud V5.2.1.1 or later version updated TIA Portal to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109794456/ https://support.industry.siemens.com/cs/ww/en/view/109925643/

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-52051

The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.

CVSS v3.1 Base Score	7.3
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score	7.0
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-20: Improper Input Validation

ACKNOWLEDGMENTS

Siemens thanks the following party for its efforts:

Peter Cheng from Elex Feigong Research Institute for coordinated disclosure

ADDITIONAL INFORMATION

Products based on the Totally Integrated Automation Portal (TIA Portal) V20 [1] are not affected by CVE-2024-52051.

[1] https://support.industry.siemens.com/cs/document/109963850

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2024-12-10):	Publication Date
V1.1 (2025-08-12):	Added fix for Totally Integrated Automation Portal (TIA Portal) V19; Name of SIMOTION SCOUT TIA V5.6 SP1 was updated to SIMOTION SCOUT TIA V5.6 and Name of SIMOTION SCOUT TIA V5.5 SP1 was updated to SIMOTION SCOUT TIA V5.5 and Name of SIMOTION SCOUT TIA V5.4 SP3 was updated to SIMOTION SCOUT TIA V5.4

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.