Siemens Tecnomatix Plant Simulation
Plan Patch | 7.8 | ICS-CERT ICSA-24-046-07 | Feb 13, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Tecnomatix Plant Simulation contains multiple buffer overflow and out-of-bounds memory access vulnerabilities in the WRL, PSOBJ, and SPP file parsers. When a user opens a malicious file in one of these formats, the application could crash or allow arbitrary code execution. Siemens has released patches for V2201 (version 2201.0012) and V2302 (versions 2302.0006 and 2302.0007), but V2201 has no fix available for CVE-2024-23799, 23800, 23801, and 23803. Exploitation requires social engineering to trick a user into opening a hostile file; remote exploitation is not possible.
What this means
What could happen
If a user opens a malicious WRL, PSOBJ, or SPP file in Tecnomatix Plant Simulation, the application could crash, causing work stoppage, or an attacker could execute arbitrary code on the engineering workstation. This affects anyone using the software to design or simulate manufacturing processes.
Who's at risk
This affects anyone using Siemens Tecnomatix Plant Simulation V2201 or V2302 for manufacturing process design and simulation, particularly plant engineers and CAD operators who may receive or download files from external sources. The vulnerability requires user interaction (opening a file) and is not remotely exploitable, so the primary risk is to engineering workstations that may be less protected than OT production networks.
How it could be exploited
An attacker creates a malicious file in WRL, PSOBJ, or SPP format and tricks a user into opening it in Tecnomatix Plant Simulation (via email, file sharing, or social engineering). When the application parses the file, memory corruption vulnerabilities (buffer overflow, out-of-bounds access) allow the attacker to crash the application or run code with the user's privileges on the engineering workstation.
Prerequisites
- User must open a malicious file with Tecnomatix Plant Simulation
- File must be in WRL, PSOBJ, or SPP format
- No special credentials or network access required
- Requires user interaction (file opening)
- Low complexity exploitation
- Multiple vulnerability types (memory corruption)
- V2201 has no fix for 4 of 8 CVEs
- Could lead to code execution on engineering workstation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Tecnomatix Plant Simulation V2201 | <V2201.0012 | 2201.0012
Tecnomatix Plant Simulation V2302 | <V2302.0006 | 2302.0006
Tecnomatix Plant Simulation V2302 | <V2302.0007 | 2302.0007
Tecnomatix Plant Simulation V2201 | All versions | 2201.0012
Remediation & Mitigation
Do now
WORKAROUND: Do not open untrusted or unexpected WRL, PSOBJ, or SPP files from email, file shares, or external sources in Tecnomatix Plant Simulation
WORKAROUND: Educate users about social engineering and email phishing that may deliver malicious files; do not click links or open attachments in unsolicited email
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Tecnomatix Plant Simulation V2201
HOTFIX: Update Tecnomatix Plant Simulation V2201 to version 2201.0012 or later (fixes CVE-2024-23795, 23796, 23797, 23798, 23802, 23804)
Tecnomatix Plant Simulation V2302
HOTFIX: Update Tecnomatix Plant Simulation V2302 to version 2302.0006 or later (fixes CVE-2024-23795, 23796, 23797, 23798, 23802, 23804)
HOTFIX: Update Tecnomatix Plant Simulation V2302 to version 2302.0007 or later (fixes CVE-2024-23799, 23800, 23801, 23803)
Long-term hardening
HARDENING: Restrict network access to engineering workstations running Tecnomatix Plant Simulation using firewalls and network segmentation; isolate design networks from business networks
CVEs (10)
API:
/api/v1/advisories/fbd1d56c-302a-4663-9754-91dfbdf320ca