CVE-2024-47194 Siemens CVE debrief

Who should care

Organizations using Siemens ModelSim or Questa for hardware design verification, particularly in multi-user development environments, shared workstations, or automated build systems where simulation tools may be invoked from various working directories

Technical summary

The vish2.exe component in Siemens ModelSim and Questa simulation environments follows unsafe DLL search order, loading a specific library from the current working directory before system paths. When the executable is launched from a directory writable by lower-privileged users, an attacker can place a malicious DLL to achieve code execution in the security context of the launching process. This requires the attacker to already have authenticated local access and depends on administrative users or elevated processes launching the tool from compromised locations. The CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) reflects high impact but constrained attack surface.

Defensive priority

medium

Recommended defensive actions

• Upgrade Siemens ModelSim and Questa to version 2024.3 or later to obtain the vendor fix for insecure DLL loading
• Harden application servers hosting simulation tools to prevent untrusted local access
• Restrict execution of vish2.exe to protected, non-user-writable directories only
• Audit and monitor for vish2.exe launches from user-writable paths in development environments
• Review CI/CD pipeline configurations to ensure simulation tools execute from secured directories
• Implement principle of least privilege for accounts running hardware simulation workflows

Evidence notes

Vulnerability description and remediation details sourced from CISA ICS Advisory ICSA-24-284-05 and Siemens security advisory SSA-426509. CVSS vector confirms local attack vector with high attack complexity. Vendor fix confirmed for V2024.3 and later.

Official resources