cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47196,https://securityvulnerability.io/vulnerability/CVE-2024-47196,Arbitrary Code Execution Vulnerability in vsimk.exe,"A vulnerability exists in ModelSim and Questa where the vsimk.exe executable allows an attacker to load a specific tcl file from the current working directory. This scenario presents a risk for installations where the application is launched from a user-writable directory by administrators or processes with elevated privileges. As a result, authenticated local attackers can potentially inject arbitrary code, leading to privilege escalation and unauthorized actions within the system.",Siemens,"Modelsim,Questa",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-08T08:40:49.065Z,0
CVE-2024-47195,https://securityvulnerability.io/vulnerability/CVE-2024-47195,ModelSim Vulnerability Allows Arbitrary Code Injection and Privilege Escalation,"A vulnerability exists in ModelSim and Questa which pertains to the execution of gdb.exe from a user-writable directory. This issue allows an authenticated local attacker to load a specially crafted executable file, potentially leading to arbitrary code execution and privilege escalation in instances where the application is launched by an administrative user or another process with elevated rights. This type of attack poses significant risk in environments where user permissions are incorrectly set, enabling malicious users to exploit this flaw and potentially gain unauthorized control over the system.",Siemens,"Modelsim,Questa",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-08T08:40:47.801Z,0
CVE-2024-47194,https://securityvulnerability.io/vulnerability/CVE-2024-47194,ModelSim Vulnerability Could Allow Arbitrary Code Injection and Privilege Escalation,"A local code injection vulnerability has been identified in Siemens’ ModelSim and Questa applications, specifically in the vish2.exe component. This vulnerability arises when the affected applications load a specific DLL file from the current working directory. If the vish2.exe process is executed from a user-writable directory by an authenticated local attacker, it could potentially lead to arbitrary code injection, allowing the attacker to escalate their privileges on systems where elevated privileges are involved. Users are advised to apply available patches and review directory permissions to mitigate this risk.",Siemens,"Modelsim,Questa",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-08T08:40:46.551Z,0
CVE-2021-42023,https://securityvulnerability.io/vulnerability/CVE-2021-42023,,"A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice.",Siemens,"Modelsim Simulation,Questa Simulation",6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2021-12-14T00:00:00.000Z,0