CVE-2024-53977
📋 TL;DR
This vulnerability allows authenticated local attackers to execute arbitrary code with elevated privileges by exploiting a script that loads executables from the current working directory. It affects ModelSim and Questa simulation software versions before V2025.1. Attackers can escalate privileges when administrators or privileged processes run the vulnerable script from user-writable directories.
💻 Affected Systems
- ModelSim
- Questa
📦 What is this software?
- ModelSim by Siemens
- Questa by Siemens
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, allowing attackers to install persistent malware, steal sensitive data, or disrupt critical simulation workflows.
Likely Case
Local privilege escalation enabling attackers to gain administrative access to the simulation environment, potentially compromising simulation data and intellectual property.
If Mitigated
Limited impact with proper directory permissions and user access controls preventing execution from untrusted locations.
🎯 Exploit Status
Exploitation requires local authenticated access and knowledge of the vulnerable script's behavior. Attackers need to place malicious executables in directories where administrators might run the setup script.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V2025.1
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-637914.html
Restart Required: Yes
Instructions:
1. Download ModelSim/Questa V2025.1 or later from Siemens support portal.
2. Uninstall previous versions.
3. Install the updated version.
4. Restart the system to ensure all components are properly loaded.
🔧 Temporary Workarounds
Restrict directory permissions
Linux: Prevent users from writing to directories where administrators might run the vulnerable setup script.
chmod 755 /opt/mentor/modelsim
chown root:root /opt/mentor/modelsim
Remove vulnerable example scripts
Linux: Delete or rename the example setup scripts that contain the vulnerability.
rm -f /opt/mentor/modelsim/examples/setup_script.sh
🧯 If You Can't Patch
- Implement strict directory permissions ensuring only administrators can write to directories containing ModelSim/Questa executables
- Train administrators to never run simulation software or scripts from user-writable directories
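A pre-flight check for the two points above, as an added example that is not from Siemens or the original page: it flags a directory that is group- or world-writable, not owned by the trusted account, or already holding executables owned by someone else. The function names and the default trusted owner `root` are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and the default trusted
# owner "root" are assumptions; pass your own admin account as $2.

# True if group or others can write to the directory itself.
dir_is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# True unless the directory is owned by the trusted account.
# Fails closed: an unknown account name also counts as untrusted.
dir_has_untrusted_owner() {
    [ -z "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# List executables directly inside the directory that the trusted account
# does not own: these are what a lookup in the current directory could pick up.
list_foreign_executables() {
    find "$1" -maxdepth 1 -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) ! -user "$2" -print 2>/dev/null
}

# Return 0 only if a privileged user can safely run a script from $1.
audit_run_dir() {
    ard_dir=$1; ard_owner=${2:-root}; ard_rc=0
    [ -d "$ard_dir" ] || { echo "ERROR: not a directory: $ard_dir"; return 2; }
    if dir_is_loosely_writable "$ard_dir"; then
        echo "UNSAFE: $ard_dir is writable by group or others"; ard_rc=1
    fi
    if dir_has_untrusted_owner "$ard_dir" "$ard_owner"; then
        echo "UNSAFE: $ard_dir is not owned by $ard_owner"; ard_rc=1
    fi
    ard_foreign=$(list_foreign_executables "$ard_dir" "$ard_owner")
    if [ -n "$ard_foreign" ]; then
        echo "UNSAFE: executables not owned by $ard_owner:"; echo "$ard_foreign"
        ard_rc=1
    fi
    return "$ard_rc"
}

# Usage: audit_run_dir "$PWD" || echo "do not run the setup script here"
```

A sticky-bit directory such as `/tmp` is still reported as unsafe, because the sticky bit stops users from deleting each other's files but not from creating new ones.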
🔍 How to Verify
Check if Vulnerable:
Check the ModelSim/Questa version using 'vsim -version' or examine the installed version in Windows Programs and Features. The installation is vulnerable if the version is earlier than V2025.1.
Check Version:
vsim -version
Verify Fix Applied:
Confirm installation of V2025.1 or later using the version check commands, and verify that the example setup scripts no longer load executables from the current directory.
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from non-standard directories
- Setup script execution from user directories
- Privilege escalation attempts
Network Indicators:
- None - this is a local privilege escalation vulnerability
SIEM Query:
Process Creation where (Image contains 'modelsim' OR Image contains 'questa') AND (CommandLine contains 'setup' OR CurrentDirectory contains user-writable path)