- Description
- A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.
- Source
- productcert@siemens.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- productcert@siemens.com
- CWE-427
- Hype score
- Not currently trending
🚨 CVE-2024-53977 🟠 MEDIUM (6.7) 🏢 Siemens - ModelSim 🏗️ 0 🔗 https://t.co/rH1dWJ9KeP #CyberCron #VulnAlert https://t.co/b9DK6tRQ69
@cybercronai
12 Feb 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
CVE-2024-53977 Local Privilege Escalation in ModelSim and Questa via Setup Script Explo... https://t.co/s00w7ygzlE Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
11 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-53977 | Siemens ModelSim/Questa up to 2025.0 uncontrolled search path (ssa-637914)) has been published on https://t.co/kzkGUU6XuK
@WolfgangSesin
11 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53977 A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications … https://t.co/5EXqvpFcLd
@CVEnew
11 Feb 2025
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes