Memory Corruption vulnerability in Tecnomatix Plant Simulation
CVE-2024-45475

7.8HIGH

Key Information:

Vendor: Siemens
Status: Teamcenter Visualization V14.2; Teamcenter Visualization V14.3; Teamcenter Visualization V2312; Tecnomatix Plant Simulation V2302
Vendor: CVE Published:; 8 October 2024

Summary

A memory corruption vulnerability exists in Teamcenter Visualization and Tecnomatix Plant Simulation products due to improper handling of specially crafted WRL files. This vulnerability affects multiple versions of Teamcenter Visualization and Tecnomatix Plant Simulation, making them susceptible to exploitation. An attacker, leveraging this flaw, could potentially execute arbitrary code within the context of the affected application process, posing significant security risks to the system's integrity and confidentiality. Users of the affected products are advised to update to the recommended secure versions to mitigate these risks.

Affected Version(s)

Teamcenter Visualization V14.2 0

Teamcenter Visualization V14.3 0

Teamcenter Visualization V2312 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5835...

https://cert-portal.siemens.com/productcert/html/ssa-6451...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 29, 2024