OTPulse
FeedAboutContact

Local Code Execution Vulnerability in Questa and ModelSim Before V2025.1

Monitor6.7SSA-637914Feb 11, 2025
Attack VectorLocal
Auth RequiredLow
ComplexityHigh
User InteractionRequired
Summary

Questa and ModelSim (including OEM editions) contain an arbitrary code injection vulnerability that allows a local attacker with low privilege to escalate privileges. The vulnerability stems from improper code handling during application execution. A local user could inject arbitrary code by crafting a malicious project file that, when opened by another user, executes attacker-supplied commands with elevated privileges. This affects versions before V2025.1.

What this means
What could happen
A local attacker with low-level access to an engineering workstation running ModelSim or Questa could inject malicious code and escalate privileges, potentially gaining control of the design environment and modifying hardware designs or simulation results.
Who's at risk
This affects organizations that use Siemens Questa or ModelSim for hardware design and simulation work, including design engineering teams, FPGA development groups, and simulation labs. Both commercial and OEM editions are affected.
How it could be exploited
An attacker with local user access to a workstation running ModelSim or Questa can exploit improper code handling during application execution to inject arbitrary code. The attack requires user interaction (such as opening a malicious project file) and happens locally on the machine.
Prerequisites
  • Local user account on the engineering workstation
  • ModelSim or Questa application installed
  • User interaction required (e.g., opening a project file with malicious content)
  • User account with low privilege level (non-admin)
local exploitation onlyrequires user interactionaffects design/engineering tools not production systemsmedium severitylow exploit probability (0.1%)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
ModelSim< V2025.12025.1
Questa< V2025.12025.1
Remediation & Mitigation
0/4
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

ModelSim
HOTFIXUpdate ModelSim to version 2025.1 or later
Questa
HOTFIXUpdate Questa to version 2025.1 or later
Long-term hardening
0/2
ModelSim
HARDENINGRestrict local access to engineering workstations running ModelSim or Questa to authorized personnel only
All products
HARDENINGImplement application whitelisting to prevent unauthorized code execution on design workstations
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d02ed1ce-3eef-427b-9212-410d777294de
Local Code Execution Vulnerability in Questa and ModelSim Before V2025.1 | CVSS 6.7 - OTPulse