Siemens Teamcenter Visualization
Plan Patch · 7.8 · ICS-CERT ICSA-24-347-09 · Dec 10, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities in WRL file handling that could lead to application crash or arbitrary code execution when a user opens a malicious WRL file. The vulnerabilities are triggered during file parsing and affect versions V14.2 (before 14.2.0.14), V14.3 (before 14.3.0.12), V2312 (before 2312.0008), and V2406 (before 2406.0005).
What this means
What could happen
If an operator opens a malicious WRL file, Teamcenter Visualization could crash, interrupting design and visualization work, or an attacker could execute arbitrary code on the engineering workstation, potentially compromising design data or gaining access to connected systems.
Who's at risk
Design and manufacturing teams using Siemens Teamcenter Visualization for 3D modeling and visualization. This affects engineering workstations running the affected product versions across any industry using Teamcenter for CAD work, including automotive, aerospace, and heavy equipment manufacturing.
How it could be exploited
An attacker must trick a user into opening a specially crafted WRL file in Teamcenter Visualization. The malicious file triggers a parsing vulnerability during file read, causing memory corruption that could result in code execution with the privileges of the user running the application.
Prerequisites
- User must open a malicious WRL file in Teamcenter Visualization
- Social engineering required to convince user to open untrusted file
- Attacker has no direct network access—requires user interaction
Requires user interaction (social engineering) · Low complexity exploitation · No remote attack capability · High severity if exploited (code execution potential) · Affects engineering workstations with design data access
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Teamcenter Visualization V14.2 | <V14.2.0.14 | 14.2.0.14 |
| Teamcenter Visualization V14.3 | <V14.3.0.12 | 14.3.0.12 |
| Teamcenter Visualization V2312 | <V2312.0008 | 2312.0008 |
| Teamcenter Visualization V2406 | <V2406.0005 | 2406.0005 |
Remediation & Mitigation
Do now
WORKAROUND: Do not open WRL files from untrusted or unexpected sources; educate users about the risk of opening files from external email or messaging
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption
Teamcenter Visualization V14.2
HOTFIX: Update Teamcenter Visualization V14.2 to version 14.2.0.14 or later
Teamcenter Visualization V14.3
HOTFIX: Update Teamcenter Visualization V14.3 to version 14.3.0.12 or later
Teamcenter Visualization V2312
HOTFIX: Update Teamcenter Visualization V2312 to version 2312.0008 or later
Teamcenter Visualization V2406
HOTFIX: Update Teamcenter Visualization V2406 to version 2406.0005 or later
Long-term hardening
HARDENING: Implement email filtering to block WRL file attachments from external senders or use security gateways to inspect incoming files
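The email-filtering step above, sketched as an added example (not part of the advisory and not Siemens tooling): it flags WRL attachments in mail from external senders by file name and by the `#VRML` header line that VRML files start with, so a renamed or gzip-compressed file is still caught. The `plant.example` domain, the function names and the sample message builder are assumptions.

```python
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAINS = {"plant.example"}  # assumption: replace with your own mail domains
WRL_EXTENSIONS = (".wrl", ".wrz")     # .wrz: common name for gzip-compressed VRML

def looks_like_vrml(data: bytes) -> bool:
    """True if the bytes begin with a VRML header line such as '#VRML V2.0 utf8'."""
    if data[:2] == b"\x1f\x8b":       # gzip magic: inflate only the first 64 bytes
        try:
            data = zlib.decompressobj(wbits=31).decompress(data, 64)
        except zlib.error:
            return False
    return data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"#VRML")

def find_wrl_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each WRL attachment in mail from an external sender."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header can be spoofed; a real gateway should prefer the
    # authenticated envelope sender when it is available.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in INTERNAL_DOMAINS:
        return []
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        if name.lower().endswith(WRL_EXTENSIONS):
            findings.append((name, "extension"))
        elif looks_like_vrml(body):   # catches renamed or compressed files
            findings.append((name or "(unnamed)", "content"))
    return findings

def build_sample(sender: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "eng@plant.example", "model"
    m.set_content("see attached")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A non-empty result is the signal to quarantine the message or strip the attachment before it reaches an engineering workstation.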
CVEs (26)
CVE-2024-45463, CVE-2024-45464, CVE-2024-45465, CVE-2024-45466, CVE-2024-45467, CVE-2024-45468, CVE-2024-45469, CVE-2024-45470, CVE-2024-45471, CVE-2024-45472, CVE-2024-45473, CVE-2024-45474, CVE-2024-45475, CVE-2024-45476, CVE-2024-52565, CVE-2024-52566, CVE-2024-52567, CVE-2024-52568, CVE-2024-52569, CVE-2024-52570, CVE-2024-52571, CVE-2024-52572, CVE-2024-52573, CVE-2024-52574, CVE-2024-53041, CVE-2024-53242