Specially Crafted MODEL Files Can Trigger Code Execution Vulnerability in Tecnomatix Plant Simulation
CVE-2024-35303
7.8 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 11 June 2024
Summary
A type confusion vulnerability has been discovered in Siemens Tecnomatix Plant Simulation, affecting V2302 versions prior to V2302.0012 and V2404 versions prior to V2404.0001. The flaw is triggered while parsing specially crafted MODEL files and could allow an attacker to execute arbitrary code in the context of the current process. Proper mitigation strategies should be enforced to safeguard against the unauthorized access and code execution risks inherent in this vulnerability.
Affected Version(s)
Tecnomatix Plant Simulation V2302 0
Tecnomatix Plant Simulation V2404 0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved