Tecnomatix Plant Simulation Vulnerable to Memory Corruption
CVE-2024-45473

7.8HIGH

Key Information:

Vendor: Siemens
Status: Teamcenter Visualization V14.2; Teamcenter Visualization V14.3; Teamcenter Visualization V2312; Tecnomatix Plant Simulation V2302
Vendor: CVE Published:; 8 October 2024

Summary

A vulnerability has been identified within Teamcenter Visualization and Tecnomatix Plant Simulation that permits memory corruption when parsing specially crafted WRL files. This flaw could be exploited by attackers to potentially execute arbitrary code in the context of the running process. Various versions of Teamcenter Visualization and Tecnomatix Plant Simulation are affected, highlighting the necessity for users to update to the patched versions to mitigate potential risks associated with this vulnerability. The intricate interplay between this vulnerability and other existing flaws could lead to compounded security issues, emphasizing the need for comprehensive security measures.

Affected Version(s)

Teamcenter Visualization V14.2 0

Teamcenter Visualization V14.3 0

Teamcenter Visualization V2312 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5835...

https://cert-portal.siemens.com/productcert/html/ssa-6451...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 29, 2024