Out of Bounds Read Vulnerability in Siemens Teamcenter and Tecnomatix Products
CVE-2024-52574

7.8HIGH

Key Information:

Vendor: Siemens
Status: Teamcenter Visualization V14.2; Teamcenter Visualization V14.3; Teamcenter Visualization V2312; Teamcenter Visualization V2406
Vendor: CVE Published:; 18 November 2024

What is CVE-2024-52574?

A vulnerability has been identified in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products, which involves an out of bounds read occurring past the end of an allocated structure when parsing specially crafted WRL files. This vulnerability could enable an attacker to execute code within the context of the affected application, posing significant security risks to users. It is crucial for organizations using these products to apply relevant patches and updates to mitigate potential exploitation.

Affected Version(s)

Teamcenter Visualization V14.2 0

Teamcenter Visualization V14.3 0

Teamcenter Visualization V2312 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8245...

https://cert-portal.siemens.com/productcert/html/ssa-6451...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024