CVE-2024-47195 Siemens CVE debrief

Who should care

Organizations using Siemens ModelSim or Questa for hardware design and verification, particularly in shared or multi-user environments where developers with varying privilege levels access simulation tools. System administrators responsible for EDA tool deployments and security teams in semiconductor, aerospace, defense, and industrial sectors relying on these tools for FPGA/ASIC development.

Technical summary

The vulnerability exists in gdb.exe within Siemens ModelSim and Questa simulation tools. When gdb.exe is launched from a user-writable directory, it loads a specific executable from the current working directory without proper path validation. This behavior allows an authenticated local attacker with low privileges to place a malicious executable in the working directory, which gets loaded when an administrator or elevated process launches gdb.exe. The attack requires user interaction and high complexity due to the need for specific timing and directory conditions, but successful exploitation yields high impact across confidentiality, integrity, and availability.

Defensive priority

medium

Recommended defensive actions

• Update Siemens ModelSim and Questa to V2024.3 or later to remediate the gdb.exe current working directory loading vulnerability
• Harden application servers to prevent local access by untrusted personnel as a defense-in-depth measure
• Review and restrict directory permissions to prevent execution from user-writable locations when elevated privilege processes are launched
• Monitor for anomalous gdb.exe execution from non-standard working directories in environments running ModelSim or Questa

Evidence notes

Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-284-05, with vendor fix confirmed by Siemens security advisory SSA-426509. CVSS vector AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H indicates local attack vector with high complexity requiring user interaction.

Official resources