Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-47196

A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.

Published

2024-10-08T09:15:17.563

Last Modified

2025-06-17T09:15:22.873

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	modelsim	< 2024.3	Yes
Application	siemens	questa	< 2024.3	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-426509.html Vendor Advisory ([email protected])