Siemens Questa and ModelSim

MonitorCVSS 6.7ICS-CERT ICSA-24-284-05Oct 8, 2024

Siemens

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionRequired

Summary

Questa and ModelSim are affected by multiple local code injection and privilege escalation vulnerabilities (CWE-427). An attacker with local access and low user privileges could inject arbitrary code into the application and escalate to higher privileges. Both products are used in industrial simulation and design workflows. Siemens has released patched versions 2024.3 for both products.

What this means

What could happen

An attacker with local access to a workstation running Questa or ModelSim could execute arbitrary code and gain elevated privileges. While not directly controlling field equipment, compromised engineering workstations could be used to alter designs, simulations, or firmware before deployment to live systems.

Who's at risk

This advisory affects engineering and design teams that use Siemens Questa and ModelSim for simulation, verification, and firmware development. Anyone with engineering workstations or centralized design servers running these tools—particularly those in electric utilities, water authorities, or manufacturing plants that design or customize control logic—should prioritize patching.

How it could be exploited

An attacker must first gain local access to a workstation or engineering server where Questa or ModelSim is installed. The attacker must have a local user account. They then inject malicious code through the application (likely a file parsing or plugin mechanism) to escalate privileges and execute arbitrary commands on that workstation.

Prerequisites

Local access to the workstation or server where Questa or ModelSim is installed
Valid local user account (lower-privilege user)
User interaction required (the advisory notes UI:R in the CVSS vector, suggesting user must perform an action like opening a file)

Requires local access (not remote)High attack complexityRequires user interactionCan lead to privilege escalationCould compromise engineering workstations used to develop control system firmware

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

ModelSim<V2024.32024.3

Questa<V2024.32024.3

Remediation & Mitigation

0/4

Do now

0/1

ModelSim

WORKAROUNDRestrict local access to workstations and engineering servers running Questa or ModelSim to trusted personnel only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

ModelSim

HOTFIXUpdate ModelSim to version 2024.3 or later

Questa

HOTFIXUpdate Questa to version 2024.3 or later

Long-term hardening

0/1

HARDENINGImplement access controls on the application server to prevent local logons by untrusted users

CVEs (3)

CVE-2024-47194 CVE-2024-47195 CVE-2024-47196

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/df57984e-789e-4031-b6ea-203722dcc793

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.