PatchSiren cyber security CVE debrief
CVE-2024-45182 Siemens CVE debrief
CVE-2024-45182 is a medium-severity vulnerability (CVSS 6.5) affecting WIBU-SYSTEMS WibuKey before version 6.70, specifically in the WibuKey64.sys driver component. The vulnerability stems from an improper bounds check that allows specially crafted packets to trigger an arbitrary address read, resulting in Denial of Service conditions. This issue was disclosed on October 8, 2024, through CISA's ICS advisory ICSA-24-284-09, which identifies Siemens PSS(R)SINCAL as an affected product utilizing the vulnerable WibuKey component. The vulnerability is locally exploitable with low attack complexity and low privilege requirements, and is scored with a changed scope. The vendor has released WibuKey Runtime for Windows version 6.70 to address this flaw. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: PSS(R)SINCAL
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-08
- Original CVE updated: 2024-10-08
- Advisory published: 2024-10-08
- Advisory updated: 2024-10-08
Who should care
Organizations operating Siemens PSS SINCAL power system analysis software or other industrial applications protected by WIBU-SYSTEMS WibuKey licensing technology should prioritize this update. System administrators managing Windows-based industrial workstations with WibuKey drivers installed, security teams responsible for industrial control system endpoint protection, and OT/ICS security practitioners implementing defense-in-depth strategies for licensed engineering software environments should assess exposure and apply vendor patches.
Technical summary
The vulnerability exists in WibuKey64.sys, a kernel driver component of the WIBU-SYSTEMS WibuKey software protection and licensing system. An improper bounds check when processing specially crafted packets enables an attacker with local access and low privileges to trigger an arbitrary address read. This memory safety defect results in Denial of Service conditions. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) indicates a local attack vector with low complexity, low privilege requirements, changed scope, and high availability impact. The vulnerability does not affect confidentiality or integrity per the scoring. Remediation requires updating to WibuKey Runtime for Windows version 6.70 or later, which contains corrected bounds checking logic in the driver.
Defensive priority
medium
Recommended defensive actions
- Update WibuKey Runtime for Windows to version 6.70 or later to remediate the improper bounds check vulnerability
- Verify WibuKey component versions in Siemens PSS SINCAL deployments and apply vendor-provided updates
- Implement network segmentation for industrial control systems to limit exposure of vulnerable components
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to WibuKey-protected environments
- Monitor for anomalous local access attempts or unexpected driver behavior that may indicate exploitation attempts
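The first two actions above come down to one question per workstation: is the installed WibuKey Runtime at 6.70 or later? The following inventory triage script is an added example for this debrief, not tooling from the vendor or from CISA. It assumes you have already collected a hostname-to-version mapping (for instance from the Windows uninstall registry or the driver file's version info); the inventory embedded here is constructed sample data, and the treatment of short version strings such as "6.7" as "6.70" is an assumption about the vendor's two-digit minor-version convention.

```python
"""
Inventory triage for the WibuKey 6.70 fix (added example, not vendor tooling).
Flags hosts whose reported WibuKey Runtime for Windows version is below 6.70.
"""
import re
from typing import Dict, List, Tuple

# Fixed version named in ICSA-24-284-09.
FIXED_VERSION = "6.70"

# Constructed sample inventory: hostname -> reported WibuKey Runtime version.
SAMPLE_INVENTORY: Dict[str, str] = {
    "eng-ws-01": "6.60",
    "eng-ws-02": "V6.70",
    "eng-ws-03": "6.51",
    "eng-ws-04": "6.70a",
    "eng-ws-05": "",          # nothing reported: verify by hand
    "eng-ws-06": "7.00",
}


def parse_version(text: str) -> Tuple[int, int]:
    """Normalise 'V6.70', '6.70a', '6.51' into a comparable tuple (6, 70).

    Assumption: the vendor publishes two-digit minors (6.51, 6.60, 6.70),
    so a one-digit minor such as '6.7' is padded to 70 rather than read as 7.
    """
    m = re.match(r"^\s*[vV]?(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised WibuKey version string: {text!r}")
    major = int(m.group(1))
    minor = int(m.group(2).ljust(2, "0")[:2])
    return (major, minor)


def needs_update(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fix."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split hosts into vulnerable / patched / unknown buckets."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "vulnerable" if needs_update(version) else "patched"
        except ValueError:
            # Unparseable or empty: do not silently count it as patched.
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Hosts with an empty or unrecognised version land in "unknown" rather than "patched", so a collection failure cannot hide an unpatched workstation.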
Evidence notes
Vulnerability description and remediation guidance sourced from CISA CSAF advisory ICSA-24-284-09. CVSS vector AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H confirms local attack vector with availability impact. Vendor fix explicitly identified as WibuKey Runtime for Windows V6.70 or later.
Official resources
- CVE-2024-45182 CVE record (CVE.org)
- CVE-2024-45182 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-10-08