CVE-2024-47196

Опубликовано: 08 окт. 2024

Источник: nvd

CVSS3: 6.7

CVSS3: 7.3

EPSS Низкий

Описание

A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.

Ссылки

https://cert-portal.siemens.com/productcert/html/ssa-426509.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:modelsim:*:*:*:*:*:*:*:*

Версия до 2024.3 (исключая)

Конфигурация 2

cpe:2.3:a:siemens:questa:*:*:*:*:*:*:*:*

Версия до 2024.3 (исключая)

EPSS

Процентиль: 22%

0.0007

Низкий

6.7 Medium

CVSS3

7.3 High

CVSS3

Дефекты

CWE-427

Связанные уязвимости

GHSA-7xrc-f64v-4ph8

CVSS3: 6.7

github

больше 1 года назад

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.

EPSS

Процентиль: 22%

0.0007

Низкий

6.7 Medium

CVSS3

7.3 High

CVSS3

Дефекты

CWE-427