Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SIMATIC S7-PLCSIM V17

Source -

CNA

CNA CVEs -

6

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2025-40759
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.06% / 17.89%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-12 Aug, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions). Affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC WinCC V17SIRIUS Soft Starter ES V20 (TIA Portal)SIMATIC STEP 7 V17SIRIUS Safety ES V20 (TIA Portal)SIMOTION SCOUT TIA V5.7TIA Portal Cloud V17SINAMICS Startdrive V17SIRIUS Safety ES V18 (TIA Portal)SIMOTION SCOUT TIA V5.5SIMOTION SCOUT TIA V5.6SIMATIC STEP 7 V18SINAMICS Startdrive V19SIRIUS Soft Starter ES V17 (TIA Portal)TIA Portal Cloud V20SIMATIC STEP 7 V19SINAMICS Startdrive V20SIRIUS Safety ES V19 (TIA Portal)SIMOCODE ES V19SIMOCODE ES V20SIMATIC WinCC V19SIMATIC STEP 7 V20TIA Portal Cloud V18SIMATIC S7-PLCSIM V17SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V19SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SIMATIC WinCC V20SIMOCODE ES V17SIMOCODE ES V18
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-30033
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.29%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC PCS 7/OPEN OS V9.1SIMATIC S7-PLCSIM V20SIMATIC PCS 7 Advanced Process Functions V2.2TIA Portal Test Suite V19SIMATIC NET PC Software V17SIMATIC WinCC flexible ESSIMATIC PCS 7 PowerControlSIMATIC WinCC Visualization Architect (SiVArc) V20SIMATIC WinCC Visualization Architect (SiVArc) V18SIMATIC NET PC Software V19SIMATIC PCS 7 V10.0SIMATIC ProSave V20SIMATIC WinCC Runtime Professional V20SIMATIC S7-1500 Software Controller V2SIMATIC Process Historian 2024SIMIT Rapid TesterStandard PID CTRL ToolSIMATIC PCS 7 Basis Faceplates V9.1SIMATIC WinCC TeleControlSIMATIC WinCC Unified PC Runtime V18SIMATIC PDM V9.2SIMATIC S7-PLCSIM AdvancedSIMATIC eaSie Document SkillsSIMATIC WinCC Unified PC Runtime V19SIMATIC MTP CREATOR V3.xSIMATIC S7-PLCSIM V18SIMATIC PCS 7 Standard Chemical Library V9.1SIMATIC PCS neo V6.0SIMATIC Automation ToolSINAMICS Startdrive V19SIMATIC Safety MatrixSIMATIC MTP CREATOR V5.xSIMATIC S7-PCTModular PID CTRL ToolTeleControl Server Basic V3.1Automation License Manager V6.2SIMATIC S7-1500 Software Controller V3OpenPCS 7 V9.1SIMATIC D7-SYSSIMATIC WinCC Visualization Architect (SiVArc) V19SIMATIC NET PC Software V20SIMATIC Process Function Library (PFL) V4.0TIA Portal Test Suite V20SIMATIC ProSave V19SIMATIC WinCC Unified Line CoordinationSIMATIC PCS 7 Industry Library V9.1SIMATIC NET PC Software V18SIMATIC STEP 7 CFC V19SIMIT Simulation PlatformSIMATIC MTP CREATOR V4.xSIMATIC Logon V1.6SINEMA Remote Connect ClientSIMATIC Management AgentSIMATIC WinCC Visualization Architect (SiVArc) V17SIMATIC Route Control V10.0SIMATIC Management ConsoleSIMATIC PCS 7 TeleControlSIMATIC eaSie PCS 7 Skill PackageSINEC NMSAutomation License Manager V6.0SIMATIC S7-Fail-safe Configuration Tool (S7-FCT)SIMATIC PCS 7 Advanced Process Functions V2.1Create MyConfig (CMC)SIMATIC eaSie Workflow SkillsSIMATIC MTP Integrator V1.xSIMATIC PCS 7 Advanced Process Graphics V10.0OpenPCS 7 V10.0SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0WinCC Panel Image SetupSIMATIC ODK 1500SSIMATIC ProSave V17SIMATIC MTP CREATOR V2.xSIMATIC STEP 7 V5.7FM Configuration PackageSIMATIC STEP 7 CFC V20TIA Portal Test Suite V17SIMATIC eaSie Core PackageCP PtP Param configuring interfaceSIMATIC PCS 7 V9.1MultiFieldbus Configuration Tool (MFCT)SIMATIC Logon V2.0SIMATIC Process Historian 2020TIA Portal Cloud ConnectorTIA AdministratorSIMATIC NET PC Software V16SIMATIC WinCC Unified SequenceSIMATIC BATCH V10.0SIMATIC Route Control V9.1SIMATIC TargetSIMATIC WinCC V7.5SINAMICS Startdrive V18SIMATIC PCS neo V5.0SIMATIC WinCC V8.1SIMATIC Control Function Library (CFL) V4.0SIMATIC Control Function Library (CFL) V2.0SIMATIC S7-PLCSIM V19SIMATIC Automation Tool SDK WindowsSINAMICS Startdrive V20SIMATIC PCS 7 Basis Library V9.1SIMATIC PCS 7 MPC ConfiguratorSIMATIC S7 F Systems V6.3Energy Support Library (EnSL)SINAMICS Startdrive V17SIMATIC Control Function Library (CFL) V3.0SIMATIC MTP Integrator V2.xSIMATIC PCS 7 Advanced Process Graphics V9.1SIMATIC PDM V9.3SIMATIC ProSave V18SIMATIC Energy Suite V18SIMATIC Control Function Library (CFL) V1.0.0SIMATIC WinCC Unified PC Runtime V20SIMATIC WinCC V8.0TIA Portal Test Suite V18SIMATIC BATCH V9.1SIMATIC Energy Suite V17SIMATIC PCS 7 Advanced Process Faceplates V9.1TIA Project-ServerCEMAT V10.0SIMATIC PCS 7 Industry Library V10.0SIMATIC PCS 7 Advanced Process Library V9.1SIMATIC PCS 7 Standard Chemical Library V10.0SIMATIC PCS 7 Industry Library V9.0SIMATIC WinCC Runtime ProfessionalTIA Project-Server V17SIMATIC S7-PLCSIM V17SIMATIC S7 F Systems V6.4SIMATIC PCS 7 Logic Matrix V9.1Siemens Network Planner (SINETPLAN)SIMATIC WinCC Runtime AdvancedSIMATIC PDM Maintenance Station V5.0SITRANSSIMATIC PCS 7 Basis Library V10.0SIMATIC PCS 7 Logic Matrix V10.0SIMATIC Process Historian 2022SIMATIC Energy Suite V19
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-54678
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.04% / 11.87%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC WinCC V17SIRIUS Soft Starter ES V20 (TIA Portal)SIMATIC STEP 7 V17SIRIUS Safety ES V20 (TIA Portal)SIMOTION SCOUT TIA V5.7SIMATIC PCS neo V6.0TIA Portal Cloud V17SINAMICS Startdrive V17SIRIUS Safety ES V18 (TIA Portal)SIMOTION SCOUT TIA V5.5SIMOTION SCOUT TIA V5.6SIMATIC STEP 7 V18SINAMICS Startdrive V19SIRIUS Soft Starter ES V17 (TIA Portal)TIA Portal Cloud V20SIMATIC STEP 7 V19SIMATIC PCS neo V4.1SINAMICS Startdrive V20SIRIUS Safety ES V19 (TIA Portal)SIMOCODE ES V19SIMOCODE ES V20SIMATIC WinCC V19SIMATIC STEP 7 V20TIA Portal Cloud V18SIMATIC S7-PLCSIM V17TIA Portal Test Suite V20SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V19SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SIMATIC WinCC V20SIMATIC PCS neo V5.0SIMOCODE ES V17SIMOCODE ES V18
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-52051
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.03% / 5.39%
||
7 Day CHG-0.00%
Published-10 Dec, 2024 | 13:53
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC WinCC V17SIMATIC WinCC Unified V19SIMATIC S7-PLCSIM V18SIMATIC STEP 7 Safety V17SIMATIC STEP 7 V17TIA Portal Cloud V17SINAMICS Startdrive V17SIRIUS Safety ES V18 (TIA Portal)SIMATIC WinCC Unified V17SIMATIC WinCC Unified V18SIMOTION SCOUT TIA V5.5SIMOTION SCOUT TIA V5.6SIMATIC STEP 7 V18SINAMICS Startdrive V19SIRIUS Soft Starter ES V17 (TIA Portal)SIMATIC STEP 7 V19SIRIUS Safety ES V19 (TIA Portal)SIMOCODE ES V19SIMATIC STEP 7 Safety V18SIMATIC STEP 7 Safety V19SIMATIC WinCC V19TIA Portal Cloud V18SIMATIC S7-PLCSIM V17SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V19SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMATIC WinCC Unified PC Runtime V18SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SIMOCODE ES V17SIMOCODE ES V18SIMATIC WinCC Unified PC Runtime V19
CWE ID-CWE-20
Improper Input Validation
CVE-2024-49849
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.10% / 28.46%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:53
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC WinCC V17SIMATIC WinCC Unified V19SIMATIC STEP 7 Safety V17SIMATIC STEP 7 V17TIA Portal Cloud V17SINAMICS Startdrive V17SIRIUS Safety ES V18 (TIA Portal)SIMATIC WinCC Unified V17SIMATIC WinCC Unified V18SIMOTION SCOUT TIA V5.5SIMOTION SCOUT TIA V5.6SIMATIC STEP 7 V18SINAMICS Startdrive V19SIRIUS Soft Starter ES V17 (TIA Portal)SIMATIC WinCC Unified V16SIMATIC STEP 7 V19SIRIUS Safety ES V19 (TIA Portal)SIMATIC WinCC V16SIMOCODE ES V19SIMATIC STEP 7 Safety V18SIMATIC S7-PLCSIM V16SIMATIC STEP 7 Safety V19SIMATIC WinCC V19TIA Portal Cloud V16TIA Portal Cloud V18SIMATIC S7-PLCSIM V17SIMATIC STEP 7 Safety V16SIMATIC STEP 7 V16SINAMICS Startdrive V16SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V19SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMOCODE ES V16SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SIMOCODE ES V17SIMOCODE ES V18
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-32736
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.21% / 43.08%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-14 Jan, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 SP5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 SP5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions < V17 Update 8), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-PLCSIM V16SIMATIC WinCC Unified V18SIMATIC WinCC V18TIA Portal Cloud V17SINAMICS Startdrive V16SIMOTION SCOUT TIA V5.4 SP1SINAMICS Startdrive V17SIRIUS Soft Starter ES V18 (TIA Portal)SIMOCODE ES V16SIMATIC WinCC Unified V16SIMATIC STEP 7 V16SIMOCODE ES V17SIMATIC S7-PLCSIM V17SIMATIC STEP 7 V17SIMOCODE ES V18SIMATIC STEP 7 V18SIRIUS Safety ES V18 (TIA Portal)SIMATIC STEP 7 Safety V16SIMATIC STEP 7 Safety V17SIMOTION SCOUT TIA V5.4 SP3SIMATIC WinCC V17SIMATIC STEP 7 Safety V18SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC Unified V17SIRIUS Soft Starter ES V17 (TIA Portal)SINAMICS Startdrive V18SIMOTION SCOUT TIA V5.5 SP1TIA Portal Cloud V16SIMATIC WinCC V16TIA Portal Cloud V18simatic_winccsimatic_wincc_unifiedsinamics_startdrivesimotion_scout_tiasimatic_step_7tia_portal_cloudsimatic_s7-plcsimsirius_safety_essimocode_es
CWE ID-CWE-502
Deserialization of Untrusted Data