{"cve":{"cve_id":"CVE-2024-49775","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01521,"epss_percentile":0.71334,"epss_as_of":"2026-06-23","description":"A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.\r\nThis could allow an unauthenticated remote attacker to execute arbitrary code.","published_at":"2024-12-16T15:06:04.714000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":9.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-122"],"nvd_references":["https://cert-portal.siemens.com/productcert/html/ssa-928984.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:12:16.527185Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"opcenter-execution-foundation","product_name":"Opcenter Execution Foundation","version_start":"0","version_start_inclusive":true,"version_end":"V2501.0001","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:opcenter-execution-foundation:0:V2501.0001"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"opcenter-intelligence","product_name":"Opcenter Intelligence","version_start":"0","version_start_inclusive":true,"version_end":"V2501.0001","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:opcenter-intelligence:0:V2501.0001"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"opcenter-quality","product_name":"Opcenter Quality","version_start":"0","version_start_inclusive":true,"version_end":"V2512","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:opcenter-quality:0:V2512"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"opcenter-rdnl","product_name":"Opcenter RDnL","version_start":"0","version_start_inclusive":true,"version_end":"V2410","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:opcenter-rdnl:0:V2410"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-pcs-neo-v4.0","product_name":"SIMATIC PCS neo V4.0","version_start":"0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:simatic-pcs-neo-v4.0:0:*"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-pcs-neo-v4.1","product_name":"SIMATIC PCS neo V4.1","version_start":"0","version_start_inclusive":true,"version_end":"V4.1 Update 3","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:simatic-pcs-neo-v4.1:0:V4.1 Update 3"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"simatic-pcs-neo-v5.0","product_name":"SIMATIC PCS neo V5.0","version_start":"0","version_start_inclusive":true,"version_end":"V5.0 Update 1","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:simatic-pcs-neo-v5.0:0:V5.0 Update 1"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"sinec-nms","product_name":"SINEC NMS","version_start":"0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:sinec-nms:0:*"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"totally-integrated-automation-portal-tia-portal-v16","product_name":"Totally Integrated Automation Portal (TIA Portal) V16","version_start":"0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:totally-integrated-automation-portal-tia-portal-v16:0:*"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"totally-integrated-automation-portal-tia-portal-v17","product_name":"Totally Integrated Automation Portal (TIA Portal) V17","version_start":"0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:totally-integrated-automation-portal-tia-portal-v17:0:*"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"totally-integrated-automation-portal-tia-portal-v18","product_name":"Totally Integrated Automation Portal (TIA Portal) V18","version_start":"0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:totally-integrated-automation-portal-tia-portal-v18:0:*"},{"vendor_slug":"siemens","vendor_name":"Siemens","product_slug":"totally-integrated-automation-portal-tia-portal-v19","product_name":"Totally Integrated Automation Portal (TIA Portal) V19","version_start":"0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":false,"cpe23_uri":"cve5:siemens:totally-integrated-automation-portal-tia-portal-v19:0:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-928984.html","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-12-16T15:06:04.714000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:38:23.080966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:38:23.080966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:38:23.080966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:38:23.080966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:38:23.080966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:38:23.080966Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:12:16.527185Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:12:16.527185Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:12:16.527185Z","label":"SSVC decision revised","source":"vulnrichment"}]}