Cyber Resilience

CVE-2024-53977

Medium

Published: 11 February 2025

Published
11 February 2025
Modified
25 September 2025
KEV Added
Patch
CVSS Score v4 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0005 16.6th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53977 is a medium-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Siemens Modelsim. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 16.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2024-53977 is a vulnerability affecting ModelSim (all versions prior to V2025.1) and Questa (all versions prior to V2025.1), stemming from an example setup script that loads a specific executable file from the current working directory. This flaw, classified under CWE-427 (Untrusted Search Path), enables potential code injection due to the script's reliance on the working directory for executable resolution. The vulnerability carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with high impacts on confidentiality, integrity, and availability.

An authenticated local attacker with low privileges can exploit this issue by placing a malicious executable in a user-writable directory. Exploitation requires high attack complexity and user interaction, specifically when an administrator or elevated-privilege process launches the setup script from that directory. Successful exploitation allows arbitrary code injection, leading to privilege escalation on the affected system.

Siemens has published advisory SSA-637914 detailing the issue, available at https://cert-portal.siemens.com/productcert/html/ssa-637914.html, which security practitioners should consult for mitigation guidance and patch information.

EU & UK References

Vulnerability details

A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow…

more

an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1574.008 Path Interception by Search Order Hijacking Stealth
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.
Why these techniques?

Untrusted search path (CWE-427) in setup script enables local privilege escalation via malicious executable placement in CWD (T1068); directly maps to search-order path interception hijacking (T1574.008).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25655Same vendor: Siemens
CVE-2026-25656Same vendor: Siemens
CVE-2025-40942Same vendor: Siemens
CVE-2026-34054Shared CWE-427
CVE-2025-27396Same vendor: Siemens
CVE-2025-40746Same vendor: Siemens
CVE-2025-33208Shared CWE-427
CVE-2026-25569Same vendor: Siemens
CVE-2025-27394Same vendor: Siemens
CVE-2025-27494Same vendor: Siemens

Affected Assets

siemens
modelsim
≤ 2025.1
siemens
questa
≤ 2025.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the untrusted search path vulnerability in the example setup script by applying the vendor patch to ModelSim/Questa V2025.1 or later.

prevent

Limits system functionality by removing or disabling unnecessary example setup scripts that load executables from potentially user-writable current working directories.

prevent

Enforces secure configuration settings for ModelSim/Questa to avoid relative paths in scripts and restrict execution to trusted directories.

References