Siemens Questa and ModelSim

Monitor6.7ICS-CERT ICSA-24-284-05Oct 8, 2024

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionRequired

Summary

Siemens Questa and ModelSim (including OEM editions) contain code injection vulnerabilities (CWE-427) that allow a local attacker with valid user credentials to execute arbitrary code and escalate privileges. The vulnerabilities require local access, valid credentials, and user interaction to trigger. No remote exploitation is possible. Siemens has released patches in version 2024.3 for both products.

What this means

What could happen

A local attacker with user credentials on a system running Questa or ModelSim could inject malicious code and escalate privileges, potentially compromising the integrity of simulation and verification tasks used in industrial design workflows.

Who's at risk

Engineering and design teams using Siemens Questa or ModelSim simulation and verification tools. This affects organizations that rely on these tools for industrial automation, ASIC/FPGA design, and control system simulation—particularly those using OEM editions integrated into Siemens design suites. While not directly operational technology (OT), compromised design artifacts could propagate to production systems.

How it could be exploited

An attacker must first gain local access to a machine running Questa or ModelSim (requires valid user credentials). Through CWE-427 (uncontrolled search path), the attacker can inject code that gets executed with elevated privileges when the application runs.

Prerequisites

Local access to the system running Questa or ModelSim
Valid user credentials on the affected system
User interaction required (application must be launched by the compromised user or administrator)
Ability to place a malicious file in the application search path

Local access requiredUser interaction requiredHigh attack complexityPrivilege escalation possibleNo remote exploitation

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

ModelSim<V2024.32024.3

Questa<V2024.32024.3

Remediation & Mitigation

0/5

Do now

0/2

ModelSim

HARDENINGRestrict local access to systems running Questa or ModelSim to trusted personnel only; harden the application server to prevent access by untrusted users

HARDENINGEnsure proper access controls and user privilege management on engineering workstations running Questa or ModelSim

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

ModelSim

HOTFIXUpdate ModelSim to version 2024.3 or later

Questa

HOTFIXUpdate Questa to version 2024.3 or later

Long-term hardening

0/1

HARDENINGIsolate engineering and design networks from business and operational networks using firewalls and network segmentation

CVEs (3)

CVE-2024-47194 CVE-2024-47195 CVE-2024-47196

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/df57984e-789e-4031-b6ea-203722dcc793