PatchSiren cyber security CVE debrief
CVE-2024-53977 Siemens CVE debrief
CVE-2024-53977 is a local privilege-escalation issue in Siemens ModelSim and Questa. According to the CISA/Siemens advisory, an example setup script can load a specific executable from the current working directory. If an administrator or other elevated process launches that script from a user-writable location, an authenticated local attacker may be able to inject arbitrary code and gain elevated privileges.
- Vendor
- Siemens
- Product
- ModelSim
- CVSS
- MEDIUM 6.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-02-11
- Advisory updated
- 2025-05-06
Who should care
Administrators, engineers, and security teams responsible for Siemens ModelSim or Questa installations, especially on shared workstations, lab systems, or any host where elevated processes may launch scripts from user-writable directories.
Technical summary
The advisory describes a search-order style weakness in an example setup script: it can load an executable from the current working directory. The risk is local and requires authentication, but it can still lead to arbitrary code execution and privilege escalation when the script is run with elevated rights from a directory writable by a lower-privileged user. CISA lists the CVSS v3.1 vector as AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (6.7, Medium).
Defensive priority
Medium. Patch promptly for any affected Siemens ModelSim or Questa deployment, and treat systems where privileged users run scripts from writable directories as higher priority.
Recommended defensive actions
- Update Siemens ModelSim or Questa to V2025.1 or later as directed by the vendor advisory.
- Avoid launching installer or setup scripts from user-writable directories, especially when using elevated privileges.
- Run affected tools and scripts with least privilege wherever possible.
- Restrict write access to directories from which privileged processes may execute scripts or helper binaries.
- Review deployment and administration workflows to ensure administrators do not run setup content from temporary, shared, or user-controlled locations.
Evidence notes
This debrief is based on the CISA CSAF advisory for Siemens ModelSim and Questa (ICSA-25-044-10) and the linked Siemens security advisory. The source text states that an example setup script can load a specific executable from the current working directory and that this may allow an authenticated local attacker to inject arbitrary code and escalate privileges when elevated processes launch the script from a user-writable directory. The source also provides the remediation to update to V2025.1 or later and lists CVSS v3.1 as 6.7 Medium with vector AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.
Official resources
-
CVE-2024-53977 CVE record
CVE.org
-
CVE-2024-53977 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-02-11 in CISA advisory ICSA-25-044-10; the source was revised on 2025-05-06 for typo fixes.