SSA-693808

Siemens Security Advisory by Siemens ProductCERT

SSA-693808: Deserialization Vulnerability in Siemens Engineering Platforms

Publication Date:	2025-08-12
Last Update:	2025-08-12
Current Version:	V1.0
CVSS v3.1 Base Score:	8.2
CVSS v4.0 Base Score:	8.6

SUMMARY

Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges.

Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SIMATIC PCS neo	Show more details
SIMATIC PCS neo V4.1 All versions affected by CVE-2024-54678	Currently no fix is planned See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V5.0 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC PCS neo V6.0 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC S7-PLCSIM V17 All versions affected by CVE-2024-54678	Currently no fix is planned See recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal)	Show more details
Totally Integrated Automation Portal (TIA Portal) V17	Show more details
SIMATIC STEP 7 V17 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC WinCC V17 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOCODE ES V17 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOTION SCOUT TIA V5.4 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SINAMICS Startdrive V17 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Safety ES V17 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Soft Starter ES V17 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
TIA Portal Cloud V17 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V18	Show more details
SIMATIC STEP 7 V18 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC WinCC V18 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOCODE ES V18 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOTION SCOUT TIA V5.5 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SINAMICS Startdrive V18 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Safety ES V18 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Soft Starter ES V18 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
TIA Portal Cloud V18 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V19	Show more details
SIMATIC STEP 7 V19 All versions < V19 Update 4 affected by CVE-2024-54678	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/ See further recommendations from section Workarounds and Mitigations
SIMATIC WinCC V19 All versions < V19 Update 4 affected by CVE-2024-54678	Update to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109925643/ See further recommendations from section Workarounds and Mitigations
SIMOCODE ES V19 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOTION SCOUT TIA V5.6 All versions < V5.6 SP1 HF7 affected by CVE-2024-54678	Update to V5.6 SP1 HF7 or later version https://support.industry.siemens.com/cs/ww/en/view/109989067/ See further recommendations from section Workarounds and Mitigations
SINAMICS Startdrive V19 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Safety ES V19 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Soft Starter ES V19 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
TIA Portal Cloud V19 All versions < V5.2.1.1 affected by CVE-2024-54678	TIA Portal Cloud V5.2.1.1 or later version updated TIA Portal to V19 Update 4 or later version https://support.industry.siemens.com/cs/ww/en/view/109794456/ https://support.industry.siemens.com/cs/ww/en/view/109925643/ See further recommendations from section Workarounds and Mitigations
Totally Integrated Automation Portal (TIA Portal) V20	Show more details
SIMATIC STEP 7 V20 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMATIC WinCC V20 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOCODE ES V20 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIMOTION SCOUT TIA V5.7 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SINAMICS Startdrive V20 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Safety ES V20 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
SIRIUS Soft Starter ES V20 (TIA Portal) All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
TIA Portal Cloud V20 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations
TIA Portal Test Suite V20 All versions affected by CVE-2024-54678	Currently no fix is available See recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

On Desktop systems: Execute affected software on Windows hosts where only a single user is configured
On Server systems: Reduce the access on operating system level to administrators only

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

SIMATIC S7-PLCSIM simulates S7-1200, S7-1500 and a few other PLC derivatives and is shipped as part of SIMATIC STEP 7.

SIMATIC STEP 7 (TIA Portal) is an engineering software to configure and program SIMATIC controllers.

SIMATIC WinCC (TIA Portal) is an engineering software to configure and program SIMATIC Panels, SIMATIC Industrial PCs, and Standard PCs running WinCC Runtime Advanced or SCADA System WinCC Runtime Professional visualization software.

SIMOCODE ES is the central software package for the configuration, commissioning, operation, and diagnosis of SIMOCODE pro. The software is based on the Totally Integrated Automation Portal (TIA Portal) central engineering framework and can be seamlessly integrated if additional TIA Portal-based software such as STEP 7 and WinCC is present.

SIMOTION SCOUT is the engineering tool for commissioning of SIMOTION devices.

SINAMICS Startdrive commissioning software is the engineering tool for integration of SINAMICS drives in TIA Portal.

SIRIUS Safety ES is the central software package for the configuration, commissioning, operation, and diagnosis of 3SK2 safety relays. The software is based on the Totally Integrated Automation Portal (TIA Portal) central engineering framework and can be seamlessly integrated if additional TIA Portal-based software such as STEP 7 and WinCC is present, thus providing the user with a consistent, efficient, and intuitive solution to all automation tasks. Those using SIRIUS Safety ES as standalone software will also enjoy its benefits.

SIRIUS Soft Starter ES is the central software for commissioning, operation, and diagnostics of the SIRIUS 3RW5 and 3RW44 soft starter series. It is integrated seamlessly if other TIA Portal-based software such as STEP 7 or WinCC is already installed, thus enabling users to achieve a consistent, efficient, and intuitive solution for all automation tasks. Those who use Soft Starter as standalone software will also benefit from its features.

TIA Portal Cloud makes it possible to use the main packages as well as the main option packages of TIA Portal in a virtualized environment. Local projects can be transferred to the cloud and loaded back again via a file share service.

TIA Test Suite is a testing tool that ensures programming quality through automated validation of TIA Portal projects.

Totally Integrated Automation Portal (TIA Portal) is a PC software that provides access to the complete range of Siemens digitalized automation services, from digital planning and integrated engineering to transparent operation.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-54678

Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

CVSS v3.1 Base Score	8.2
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	8.6
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE	CWE-502: Deserialization of Untrusted Data

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-08-12):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.