Out of Bounds Read Vulnerability in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation Products
CVE-2024-52567

7.8HIGH

Key Information:

Vendor: Siemens
Status: Teamcenter Visualization V14.2; Teamcenter Visualization V14.3; Teamcenter Visualization V2312; Teamcenter Visualization V2406
Vendor: CVE Published:; 18 November 2024

Summary

An out of bounds read vulnerability exists in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products, affecting several versions prior to specified updates. This issue occurs during the parsing of specially crafted WRL files, which may lead to an attacker executing code in the context of the current process. The flaw could potentially be exploited if an attacker can manipulate the files processed by the affected applications, emphasizing the need for users to apply available updates to mitigate any potential risks.

Affected Version(s)

Teamcenter Visualization V14.2 0

Teamcenter Visualization V14.3 0

Teamcenter Visualization V2312 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8245...

https://cert-portal.siemens.com/productcert/html/ssa-6451...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024