CVE-2024-54678: CWE-502: Deserialization of Untrusted Data in Siemens SIMATIC PCS neo V4.1
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2), TIA Portal Test Suite V20 (All versions < V20 Update 4). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.
AI Analysis
Technical Summary
This vulnerability (CWE-502: Deserialization of Untrusted Data) affects numerous Siemens SIMATIC software products across various versions, where Interprocess Communication input through a Windows Named Pipe is not properly sanitized. An authenticated local attacker with low privileges can exploit this to cause type confusion, leading to arbitrary code execution within the affected application context. The CVSS 3.1 base score is 8.2, reflecting high impact on confidentiality, integrity, and availability. The vulnerability is present in all versions of many products, with some having fixed versions indicated by update numbers (e.g., SIMATIC PCS neo V6.0 < V6.0 SP1 Update 1). No vendor advisory or patch links are provided in the data, so patch status is not confirmed.
Potential Impact
Successful exploitation allows an authenticated local attacker to execute arbitrary code within the affected Siemens SIMATIC applications. This compromises confidentiality, integrity, and availability of the affected systems. The vulnerability leverages improper input sanitization in IPC via Windows Named Pipes, enabling type confusion attacks. This can lead to full control over the affected application processes.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until official fixes are applied, restrict local user access to systems running affected Siemens SIMATIC software to trusted personnel only. Monitor Siemens security channels for updates and apply updates or workarounds as soon as they become available.
CVE-2024-54678: CWE-502: Deserialization of Untrusted Data in Siemens SIMATIC PCS neo V4.1
Description
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2), TIA Portal Test Suite V20 (All versions < V20 Update 4). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.
CVSS v3.1
Score 8.2high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-502: Deserialization of Untrusted Data) affects numerous Siemens SIMATIC software products across various versions, where Interprocess Communication input through a Windows Named Pipe is not properly sanitized. An authenticated local attacker with low privileges can exploit this to cause type confusion, leading to arbitrary code execution within the affected application context. The CVSS 3.1 base score is 8.2, reflecting high impact on confidentiality, integrity, and availability. The vulnerability is present in all versions of many products, with some having fixed versions indicated by update numbers (e.g., SIMATIC PCS neo V6.0 < V6.0 SP1 Update 1). No vendor advisory or patch links are provided in the data, so patch status is not confirmed.
Potential Impact
Successful exploitation allows an authenticated local attacker to execute arbitrary code within the affected Siemens SIMATIC applications. This compromises confidentiality, integrity, and availability of the affected systems. The vulnerability leverages improper input sanitization in IPC via Windows Named Pipes, enabling type confusion attacks. This can lead to full control over the affected application processes.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Until official fixes are applied, restrict local user access to systems running affected Siemens SIMATIC software to trusted personnel only. Monitor Siemens security channels for updates and apply updates or workarounds as soon as they become available.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- siemens
- Date Reserved
- 2024-12-05T13:36:49.955Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68ee16327eab8b438c025da8
Added to database: 10/14/2025, 09:21:54 UTC
Last enriched: 06/09/2026, 10:31:21 UTC
Last updated: 07/08/2026, 22:28:18 UTC
Views: 248
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.