CNVD-2024-48436

Vulnerability from cnvd - Published: 2024-12-17
VLAI Severity ?
Title
Siemens Opcenter Execution Foundation缓冲区溢出漏洞
Description
‌Opcenter Execution Foundation‌是西门子推出的一款制造执行系统(MES)软件,主要用于监控并同步更新企业全球范围内所有工厂的制造活动。该软件通过嵌入式Mendix技术实现低代码个性化功能,使得用户能够根据自身需求定制化开发适合特定生产场景的系统‌。 Siemens Opcenter Execution Foundation存在缓冲区溢出漏洞,未经身份验证的远程攻击者可利用漏洞执行任意代码。
Severity
Formal description

目前暂无详细的解决方案: https://www.siemens.com

Impacted products
Name
Siemens Opcenter Execution Foundation‌
Show details on source website
To clipboard 

{
  "description": "\u200cOpcenter Execution Foundation\u200c\u662f\u897f\u95e8\u5b50\u63a8\u51fa\u7684\u4e00\u6b3e\u5236\u9020\u6267\u884c\u7cfb\u7edf\uff08MES\uff09\u8f6f\u4ef6\uff0c\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u5e76\u540c\u6b65\u66f4\u65b0\u4f01\u4e1a\u5168\u7403\u8303\u56f4\u5185\u6240\u6709\u5de5\u5382\u7684\u5236\u9020\u6d3b\u52a8\u3002\u8be5\u8f6f\u4ef6\u901a\u8fc7\u5d4c\u5165\u5f0fMendix\u6280\u672f\u5b9e\u73b0\u4f4e\u4ee3\u7801\u4e2a\u6027\u5316\u529f\u80fd\uff0c\u4f7f\u5f97\u7528\u6237\u80fd\u591f\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b9a\u5236\u5316\u5f00\u53d1\u9002\u5408\u7279\u5b9a\u751f\u4ea7\u573a\u666f\u7684\u7cfb\u7edf\u200c\u3002\n\nSiemens Opcenter Execution Foundation\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttps://www.siemens.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-48436",
  "openTime": "2024-12-17",
  "products": {
    "product": "Siemens Opcenter Execution Foundation\u200c"
  },
  "serverity": "\u9ad8",
  "submitTime": "2024-12-16",
  "title": "Siemens Opcenter Execution Foundation\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.