Memory Corruption Vulnerability in Tecnomatix Plant Simulation by Siemens
CVE-2023-41846

7.8HIGH

Key Information:

Vendor: Siemens
Status: Tecnomatix Plant Simulation V2201; Tecnomatix Plant Simulation V2302
Vendor: CVE Published:; 12 September 2023

Summary

A significant vulnerability has been discovered in Tecnomatix Plant Simulation, impacting various versions due to improper handling of SPP files. This memory corruption issue may allow attackers to inject and execute arbitrary code within the application's process, posing a serious risk to system integrity and data security. Users are advised to update to the latest versions to mitigate potential exploits.

Affected Version(s)

Tecnomatix Plant Simulation V2201 All versions < V2201.0008

Tecnomatix Plant Simulation V2302 All versions < V2302.0002

References

https://cert-portal.siemens.com/productcert/pdf/ssa-76480...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Sep 4, 2023