Multiple Local Code Execution Vulnerabilities in Questa and ModelSim
Monitor | 6.7 | SSA-426509 | Oct 8, 2024
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: Required
Summary
Questa and ModelSim contain multiple local code execution vulnerabilities (CWE-427) that could allow a local attacker to inject arbitrary code and escalate privileges. The vulnerabilities are present in versions prior to V2024.3 and V2025.2 respectively.
What this means
What could happen
A local attacker with user-level access to a workstation running Questa or ModelSim could execute arbitrary code with elevated privileges, potentially compromising engineering data, simulation integrity, or the design environment itself.
Who's at risk
Design and simulation engineers using Questa or ModelSim on their workstations should prioritize this update. This affects organizations in any sector that use Siemens EDA tools for FPGA, ASIC, or hardware design verification, including utilities designing custom control systems.
How it could be exploited
An attacker with local access to a workstation running a vulnerable version of Questa or ModelSim could exploit the code injection vulnerability through user interaction (such as opening a project file or simulation model) to execute arbitrary code and escalate to higher privileges.
Prerequisites
- Local access to the workstation
- User-level privileges on the system
- Vulnerable version of Questa or ModelSim installed (< V2024.3 or < V2025.2)
- User interaction required (opening project file or simulation)
- Local code execution
- Privilege escalation possible
- User interaction required
- Low complexity attack
- Engineering tools are attractive targets for IP theft
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
Product     Affected Versions   Fix Status
ModelSim    < V2024.3           2024.3
ModelSim    < V2025.2           2025.2
Questa      < V2024.3           2024.3
Questa      < V2025.2           2025.2
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
ModelSim
- HOTFIX: Update ModelSim to version 2024.3 or later
- HOTFIX: Update ModelSim to version 2025.2 or later if running the 2025 release branch
Questa
- HOTFIX: Update Questa to version 2024.3 or later
- HOTFIX: Update to Questa version 2025.2 or later if running the 2025 release branch
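A version check for a workstation inventory that applies the fix versions above per release branch, as an added example that is not part of the advisory or of any Siemens tooling. It assumes version strings of the form "<branch>.<minor>" with an optional "V" prefix and patch suffix, and reads the advisory as fixing each branch separately; the host names and sample inventory are constructed.

```python
import re

# Fixed minor release per branch, from the advisory's affected-products table.
FIXED_MINOR = {2024: 3, 2025: 2}

# Assumption: installed versions are reported as "<branch>.<minor>", with an
# optional leading "V" and an optional patch suffix such as "_1".
_VERSION = re.compile(r"\s*[Vv]?(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, minor) from a version string, or raise ValueError."""
    match = _VERSION.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(match.group(1)), int(match.group(2))


def fix_target(version):
    """Return the version to update to, or None if already fixed."""
    branch, minor = parse_version(version)
    if branch in FIXED_MINOR:
        # Compare inside the branch: 2025.1 is newer than 2024.3 yet unfixed.
        fixed = FIXED_MINOR[branch]
        return None if minor >= fixed else f"{branch}.{fixed}"
    if branch < min(FIXED_MINOR):
        return "2024.3"  # older branches are all below V2024.3
    return None  # Assumption: branches after 2025 count as "2025.2 or later".


def triage(inventory):
    """Return (host, product, installed, target) for every affected install."""
    checked = ((h, p, v, fix_target(v)) for h, p, v in inventory)
    return [row for row in checked if row[3] is not None]


# Constructed sample inventory; host names and versions are illustrative.
SAMPLE_INVENTORY = [
    ("eda-ws-01", "Questa", "2024.2_1"),
    ("eda-ws-02", "Questa", "V2024.3"),
    ("eda-ws-03", "ModelSim", "2025.1"),
    ("eda-ws-04", "ModelSim", "2025.2"),
    ("eda-ws-05", "ModelSim", "10.7c"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print("%s: %s %s -> update to %s or later" % finding)
```

A single "installed >= 2024.3" comparison would pass the 2025.1 install; the per-branch lookup flags it.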
Long-term hardening
ModelSim
- HARDENING: Restrict physical and logical access to engineering workstations running Questa or ModelSim to authorized personnel only