CVE-2024-53977
Published: 11 February 2025
Summary
CVE-2024-53977 is a medium-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Siemens ModelSim. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 14.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the untrusted search path vulnerability in the example setup script by applying the vendor patch to ModelSim/Questa V2025.1 or later.
Limits system functionality by removing or disabling unnecessary example setup scripts that load executables from potentially user-writable current working directories.
Enforces secure configuration settings for ModelSim/Questa to avoid relative paths in scripts and restrict execution to trusted directories.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An uncontrolled search path element (CWE-427) in the setup script enables local privilege escalation when a malicious executable is placed in the current working directory (T1068); this maps directly to Path Interception by Search Order Hijacking (T1574.008).
NVD Description
A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.
Deeper analysis
CVE-2024-53977 is a vulnerability affecting ModelSim (all versions prior to V2025.1) and Questa (all versions prior to V2025.1), stemming from an example setup script that loads a specific executable file from the current working directory. This flaw, classified under CWE-427 (Uncontrolled Search Path Element), enables potential code injection because the script relies on the working directory to resolve the executable. The vulnerability carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with high impacts on confidentiality, integrity, and availability.
An authenticated local attacker with low privileges can exploit this issue by placing a malicious executable in a user-writable directory. Exploitation requires high attack complexity and user interaction, specifically when an administrator or elevated-privilege process launches the setup script from that directory. Successful exploitation allows arbitrary code injection, leading to privilege escalation on the affected system.
Siemens has published advisory SSA-637914 detailing the issue, available at https://cert-portal.siemens.com/productcert/html/ssa-637914.html, which security practitioners should consult for mitigation guidance and patch information.
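The launch condition described above (an elevated account starting the script from a directory other users can write to) can be checked before the script runs. The following is an added example, not code from Siemens or from the advisory; the function names are hypothetical and the script path passed to `guarded_launch` is a placeholder for wherever the setup script is installed.

```shell
#!/bin/sh
# Added example (not Siemens code): pre-flight check for the launch directory.

# dir_is_trusted DIR
#   0 = only the invoking user or root can create files in DIR
#   1 = another local account could plant a file there
#   2 = DIR is missing or not a directory
dir_is_trusted() {
    # Resolve to the physical path so a symlinked directory is judged by its target.
    d=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 2
    # Group- or world-writable: other accounts can drop an executable here.
    # The sticky bit (as on /tmp) does not prevent creating new files.
    if [ -n "$(find "$d" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        return 1
    fi
    # Owned by someone other than the invoker or root: the owner can write at will.
    if [ -n "$(find "$d" -prune ! -user "$(id -u)" ! -user 0 -print)" ]; then
        return 1
    fi
    return 0
}

# guarded_launch SCRIPT [ARGS...]
#   SCRIPT is a placeholder for the absolute path of the setup script.
#   Returns 126 without running anything if a check fails.
guarded_launch() {
    script=$1
    shift
    case $script in
        /*) ;;
        *)  echo "refusing: script path must be absolute" >&2; return 126 ;;
    esac
    if ! dir_is_trusted .; then
        echo "refusing: $(pwd -P) is writable by other accounts" >&2
        return 126
    fi
    "$script" "$@"
}
```

The check is conservative: it rejects any group-writable directory and does not inspect parent directories, so it complements the vendor update to V2025.1 or later and does not replace it.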
Details
- CWE(s)