Primary

Context

Siemens Questa and ModelSim Privilege Escalation Vulnerability via Local Code Execution

Vulnerability

Patched

A vulnerability exists in Siemens Questa and ModelSim, all versions prior to 2025.1, allowing authenticated local attackers to inject arbitrary code and escalate privileges. This issue arises from an example setup script that can load specific executable files from the current working directory. The vulnerability is exploitable in environments where administrators or processes with elevated privileges execute the script from a user-writable directory.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges.

Remediation

Users are advised to update to version 2025.1 or later. For general security recommendations, consult Siemens' operational guidelines for Industrial Security.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

2.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

2.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens Questa and ModelSim Privilege Escalation Vulnerability via Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Siemens ModelSim

Siemens Questa

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating