<p>Affected products do not properly sanitize user-controllable input
when parsing files. This could allow an attacker to cause a type
confusion and execute arbitrary code within the affected
application.</p>
<p>Siemens has released new versions for several affected products and
recommends to update to the latest versions. Siemens is preparing
further fix versions and recommends specific countermeasures for
products where fixes are not, or not yet available.</p>
<p>Siemens has released products based on the Totally Integrated
Automation Portal (TIA Portal) V20 which are not affected by
CVE-2024-49849. See the chapter “Additional Information” below for more
details.</p>
Source link
