Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-53977

A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.

Published

2025-02-11T11:15:15.063

Last Modified

2025-09-25T13:39:30.720

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	modelsim	< 2025.1	Yes
Application	siemens	questa	< 2025.1	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-637914.html Vendor Advisory ([email protected])