PatchSiren cyber security CVE debrief
CVE-2024-47196 Siemens CVE debrief
CVE-2024-47196 is a local privilege escalation vulnerability in Siemens ModelSim and Questa simulation tools. The vsimk.exe executable loads a specific Tcl file from the current working directory, allowing an authenticated local attacker to inject arbitrary code when administrators or elevated processes launch the application from user-writable directories. Published October 8, 2024, and last modified May 6, 2025, this vulnerability carries a CVSS 3.1 score of 6.7 (MEDIUM). The attack requires local access, high attack complexity, low privileges, and user interaction, but successful exploitation yields high impact across confidentiality, integrity, and availability. Siemens has released a vendor fix in version 2024.3 or later.
- Vendor
- Siemens
- Product
- ModelSim
- CVSS
- MEDIUM 6.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-10-08
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-10-08
- Advisory updated
- 2025-05-06
Who should care
Organizations using Siemens ModelSim or Questa for hardware design and verification, particularly in environments where simulation tools are executed by privileged accounts or automated build systems. Security teams managing industrial control system development environments and semiconductor design facilities should prioritize this fix.
Technical summary
The vsimk.exe component in Siemens ModelSim and Questa simulation environments loads a specific Tcl configuration file from the current working directory rather than a protected system location. When privileged users or automated processes with elevated rights execute vsimk.exe from directories writable by lower-privileged users, an attacker with local access can place a malicious Tcl file in that directory. This file will be loaded and executed with the privileges of the vsimk.exe process, enabling arbitrary code execution and privilege escalation. The vulnerability requires authenticated local access and user interaction, with high attack complexity due to the specific conditions needed for exploitation.
Defensive priority
medium
Recommended defensive actions
- Apply vendor fix: Update Siemens ModelSim and Questa to version 2024.3 or later
- Harden application servers to prevent local access by untrusted personnel
- Ensure vsimk.exe is not launched from user-writable directories by privileged accounts
- Implement principle of least privilege for simulation tool execution environments
- Review and restrict directory permissions where simulation tools are executed
- Monitor for unauthorized Tcl file placement in working directories used by simulation tools
Evidence notes
Vulnerability confirmed through CISA ICS advisory ICSA-24-284-05 and Siemens security advisory SSA-426509. Affected products identified as ModelSim and Questa via CSAF product tree. CVSS vector AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H sourced from official advisory. Vendor fix version V2024.3 or later specified in remediation data.
Official resources
-
CVE-2024-47196 CVE record
CVE.org
-
CVE-2024-47196 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-10-08