Introduction
Compromise of engineering workstations in industrial environments can lead to loss of control over critical infrastructure and production lines. CVE-2024-54678 exposes a broad range of Siemens SIMATIC, TIA Portal, and related products to arbitrary code execution through a type confusion vulnerability in their interprocess communication mechanisms.
About Siemens and Its Industrial Automation Portfolio
Siemens is a dominant player in the industrial automation sector, with its SIMATIC and TIA Portal platforms widely deployed in manufacturing, utilities, and infrastructure worldwide. The company's engineering and control software forms the backbone of many critical operations, making vulnerabilities in these products highly impactful.
Technical Information
CVE-2024-54678 is a type confusion vulnerability caused by improper sanitization of Interprocess Communication (IPC) input received via Windows Named Pipes. The affected Siemens products create Named Pipes accessible to all local users, removing a key security boundary. Attackers with authenticated local access can send specially crafted serialized objects through these pipes. During deserialization, the application fails to validate the input, leading to type confusion and enabling arbitrary code execution within the application's context.
The vulnerability is classified under CWE-502 (Deserialization of Untrusted Data). The root cause is the lack of validation and sanitization of data received via the Named Pipe, combined with unsafe deserialization logic. No user interaction is required beyond local access, and exploitation targets shared components present in multiple Siemens engineering and automation products.
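The precondition described above, a Named Pipe that every local user can write to, can be checked from the pipe's security descriptor. The following Python script is an added example (not Siemens code and not part of the advisory) that parses SDDL strings and reports allow ACEs granting write access to broad principals. The pipe names and descriptors are constructed samples, how the SDDL is collected from a workstation is left open, and deny ACEs are not evaluated.

```python
import re

# Principals that include every authenticated local user (SDDL aliases and literal SIDs).
BROAD_SIDS = {"WD": "Everyone", "S-1-1-0": "Everyone",
              "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
              "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
              "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}
# SDDL rights tokens -> access mask bits (generic, file, standard, object-specific).
RIGHTS = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
          "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100}
# Bits that let a client send data into a pipe: FILE_WRITE_DATA, GENERIC_WRITE, GENERIC_ALL.
WRITE_BITS = 0x2 | 0x40000000 | 0x10000000

def rights_to_mask(rights):
    """Convert an SDDL rights field (hex mask or two-letter tokens) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # KeyError on an unknown token
    return mask

def broad_write_aces(sddl):
    """Return [(principal, mask)] for allow ACEs that let all local users write."""
    dacl = re.search(r"D:(.*?)(?=S:|$)", sddl)
    # A missing or NULL DACL places no restriction on access at all.
    if dacl is None or "NO_ACCESS_CONTROL" in dacl.group(1):
        return [("NULL DACL", 0x1F01FF)]
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;sid
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        if ace_type == "A" and sid in BROAD_SIDS:
            mask = rights_to_mask(rights)
            if mask & WRITE_BITS:
                findings.append((BROAD_SIDS[sid], mask))
    return findings

# Constructed sample data: hypothetical pipe names with made-up descriptors.
SAMPLE_PIPES = {
    r"\\.\pipe\example_engineering_ipc": "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x12019b;;;WD)",
    r"\\.\pipe\example_restricted_ipc": "O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;AU)",
}

def audit(pipes):
    return {name: f for name, s in pipes.items() if (f := broad_write_aces(s))}

if __name__ == "__main__":
    print(audit(SAMPLE_PIPES))
```

A pipe that appears in the result is reachable by any local account, so whatever parses its input has to treat that input as untrusted.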
Affected Systems and Versions
The following Siemens products and versions are affected by CVE-2024-54678:
- SIMATIC PCS neo V4.1 (All versions)
- SIMATIC PCS neo V5.0 (All versions)
- SIMATIC PCS neo V6.0 (All versions)
- SIMATIC S7-PLCSIM V17 (All versions)
- SIMATIC STEP 7 V17 (All versions)
- SIMATIC STEP 7 V18 (All versions)
- SIMATIC STEP 7 V19 (All versions < V19 Update 4)
- SIMATIC STEP 7 V20 (All versions)
- SIMATIC WinCC V17 (All versions)
- SIMATIC WinCC V18 (All versions)
- SIMATIC WinCC V19 (All versions < V19 Update 4)
- SIMATIC WinCC V20 (All versions)
- SIMOCODE ES V17 (All versions)
- SIMOCODE ES V18 (All versions)
- SIMOCODE ES V19 (All versions)
- SIMOCODE ES V20 (All versions)
- SIMOTION SCOUT TIA V5.4 (All versions)
- SIMOTION SCOUT TIA V5.5 (All versions)
- SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7)
- SIMOTION SCOUT TIA V5.7 (All versions)
- SINAMICS Startdrive V17 (All versions)
- SINAMICS Startdrive V18 (All versions)
- SINAMICS Startdrive V19 (All versions)
- SINAMICS Startdrive V20 (All versions)
- SIRIUS Safety ES V17 (TIA Portal) (All versions)
- SIRIUS Safety ES V18 (TIA Portal) (All versions)
- SIRIUS Safety ES V19 (TIA Portal) (All versions)
- SIRIUS Safety ES V20 (TIA Portal) (All versions)
- SIRIUS Soft Starter ES V17 (TIA Portal) (All versions)
- SIRIUS Soft Starter ES V18 (TIA Portal) (All versions)
- SIRIUS Soft Starter ES V19 (TIA Portal) (All versions)
- SIRIUS Soft Starter ES V20 (TIA Portal) (All versions)
- TIA Portal Cloud V17 (All versions)
- TIA Portal Cloud V18 (All versions)
- TIA Portal Cloud V19 (All versions < V5.2.1.1)
- TIA Portal Cloud V20 (All versions)
- TIA Portal Test Suite V20 (All versions)
Vendor Security History
Siemens has previously disclosed vulnerabilities in its engineering and automation products, including deserialization flaws and input validation issues. The company maintains a ProductCERT team and follows coordinated disclosure practices. Patch response times vary, but Siemens typically issues advisories and guidance for critical vulnerabilities. The presence of this vulnerability across many products and versions highlights the challenge of securing shared components in large industrial software portfolios.