Out of Bounds Write Vulnerability in Tecnomatix Plant Simulation by Siemens
CVE-2023-44083

7.8HIGH

Key Information:

Vendor: Siemens
Status: Tecnomatix Plant Simulation V2201; Tecnomatix Plant Simulation V2302
Vendor: CVE Published:; 10 October 2023

What is CVE-2023-44083?

An identified flaw in Tecnomatix Plant Simulation allows for an out of bounds write past the end of an allocated buffer when parsing a specially crafted SPP file. This vulnerability could potentially enable an attacker to execute arbitrary code within the context of the affected process, posing a significant security risk. Users are advised to update to the latest versions to mitigate this vulnerability.

Affected Version(s)

Tecnomatix Plant Simulation V2201 All versions < V2201.0009

Tecnomatix Plant Simulation V2302 All versions < V2302.0003

References

https://cert-portal.siemens.com/productcert/pdf/ssa-52477...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Sep 25, 2023