Tecnomatix Plant Simulation Vulnerability: Out of Bounds Read Could Lead to Code Execution
CVE-2024-23802
7.8 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 13 February 2024
Summary
A vulnerability has been identified in Siemens Tecnomatix Plant Simulation V2201 (all versions prior to V2201.0012) and V2302 (all versions prior to V2302.0006). The flaw is an out-of-bounds read past the end of an allocated structure while parsing specially crafted SPP files. An attacker who exploits it may be able to execute arbitrary code in the context of the current process, putting the integrity and security of systems running the affected software at risk.
Affected Version(s)
Tecnomatix Plant Simulation V2201 0
Tecnomatix Plant Simulation V2302 0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved