Specially Crafted MODEL Files Can Trigger Code Execution Vulnerability in Tecnomatix Plant Simulation

CVE-2024-35303
7.8HIGH

Key Information

Vendor
Siemens
Status
Tecnomatix Plant Simulation V2302
Tecnomatix Plant Simulation V2404
Vendor
CVE Published:
11 June 2024

Summary

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958)

Affected Version(s)

Tecnomatix Plant Simulation V2302 < 0

Tecnomatix Plant Simulation V2404 < 0

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.