OTPulse

Siemens Teamcenter Visualization 

Plan PatchCVSS 7.8ICS-CERT ICSA-24-347-09Dec 10, 2024
Siemens
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities (CWE-125, CWE-119, CWE-787, CWE-476, CWE-416, CWE-121) in WRL file format handling. If a user opens a malicious WRL file, the application could crash or allow arbitrary code execution. Affected versions: V14.2 prior to 14.2.0.14, V14.3 prior to 14.3.0.12, V2312 prior to 2312.0008, and V2406 prior to 2406.0005. These vulnerabilities are not remotely exploitable and require user interaction.

What this means
What could happen
An attacker could trick a user into opening a malicious WRL file in Teamcenter Visualization, causing the application to crash or potentially execute arbitrary code with the user's privileges.
Who's at risk
Manufacturing and engineering organizations using Siemens Teamcenter Visualization for CAD/3D modeling and design work, particularly those processing design files from external vendors or untrusted sources.
How it could be exploited
An attacker sends or hosts a malicious WRL (VRML) file and tricks a user into opening it directly in Teamcenter Visualization. The file parsing vulnerabilities are triggered when the application processes the file, leading to a crash or code execution.
Prerequisites
  • User interaction required: a user must be tricked into opening a malicious WRL file
  • The malicious file must be delivered to the user via email, web, or file share
  • The user must have Teamcenter Visualization installed and running the affected version
User interaction required (social engineering risk)Low exploit complexityAffects application availability and integrityAffects engineering workstations
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
Teamcenter Visualization V14.2<V14.2.0.1414.2.0.14
Teamcenter Visualization V14.3<V14.3.0.1214.3.0.12
Teamcenter Visualization V2312<V2312.00082312.0008
Teamcenter Visualization V2406<V2406.00052406.0005
Remediation & Mitigation
0/6
Do now
0/1
WORKAROUNDDo not open WRL files from untrusted sources in Teamcenter Visualization
Schedule — requires maintenance window
0/4

Patching may require device reboot — plan for process interruption

Teamcenter Visualization V14.2
HOTFIXUpdate Teamcenter Visualization V14.2 to version 14.2.0.14 or later
Teamcenter Visualization V14.3
HOTFIXUpdate Teamcenter Visualization V14.3 to version 14.3.0.12 or later
Teamcenter Visualization V2312
HOTFIXUpdate Teamcenter Visualization V2312 to version 2312.0008 or later
Teamcenter Visualization V2406
HOTFIXUpdate Teamcenter Visualization V2406 to version 2406.0005 or later
Long-term hardening
0/1
HARDENINGRestrict network access to Teamcenter Visualization systems and place them behind a firewall
View full CISA ICS-CERT advisory
API: /api/v1/advisories/f5452854-089c-4c73-889d-cd5ddae2f70c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens Teamcenter Visualization  | CVSS 7.8 - OTPulse