Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-47194

A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory.

Published

2024-10-08T09:15:17.047

Last Modified

2024-10-16T18:15:04.043

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	modelsim	< 2024.3	Yes
Application	siemens	questa	< 2024.3	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-426509.html Third Party Advisory ([email protected])