Specially Crafted WRL File Vulnerability Affects Tecnomatix Plant Simulation
CVE-2024-45471

7.8HIGH

Key Information:

Vendor
Siemens
Status
Teamcenter Visualization V14.2
Teamcenter Visualization V14.3
Teamcenter Visualization V2312
Tecnomatix Plant Simulation V2302
Vendor
CVE Published:
8 October 2024

Summary

A vulnerability has been discovered in several Siemens applications, particularly in Teamcenter Visualization and Tecnomatix Plant Simulation, where an out of bounds write occurs while processing specially crafted WRL files. This flaw can potentially enable an attacker to execute arbitrary code in the context of the affected process, representing a significant risk for organizations using these products without necessary updates. Users are advised to upgrade to the secure versions to mitigate any potential threats.

Affected Version(s)

Teamcenter Visualization V14.2 0

Teamcenter Visualization V14.3 0

Teamcenter Visualization V2312 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5835...
https://cert-portal.siemens.com/productcert/html/ssa-6451...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.