Siemens Teamcenter Visualization and Tecnomatix

Plan PatchCVSS 7.8ICS-CERT ICSA-25-072-01Mar 11, 2025

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Teamcenter Visualization and Tecnomatix Plant Simulation contain multiple file parsing vulnerabilities in WRL (VRML/3D model) file handling. These vulnerabilities (CWE-787 buffer overflow, CWE-119 improper buffer handling, CWE-125 out-of-bounds read, CWE-416 use-after-free) could cause application crashes or arbitrary code execution if a user opens a malicious WRL file. No remote exploitation is possible—an attacker must convince a user to open a crafted file with one of these applications.

What this means

What could happen

An attacker could craft a malicious 3D model file (WRL format) that, when opened by an engineer in Teamcenter Visualization or Plant Simulation, could crash the application or execute arbitrary commands on the engineering workstation. This could disrupt design and simulation work and potentially compromise the integrity of industrial models and simulations used for production planning.

Who's at risk

Design and manufacturing engineers using Siemens Teamcenter Visualization for 3D model review and design engineers using Tecnomatix Plant Simulation for factory layout and process simulation. This affects any organization that uses these tools for product design, engineering collaboration, or manufacturing planning.

How it could be exploited

An attacker creates a malicious WRL file and tricks an engineer into downloading and opening it via email, file sharing, or a compromised website. When the file is loaded into Teamcenter Visualization or Plant Simulation, the parsing vulnerability is triggered, causing a buffer overflow or use-after-free condition that gives the attacker code execution on the engineer's computer in the context of the application.

Prerequisites

User interaction required—engineer must be tricked into opening a malicious WRL file
Victim must have one of the affected Teamcenter or Tecnomatix versions installed
WRL file must be placed where the user can access it (email, file share, or web download)

file parsing vulnerability triggered by user actionbuffer overflow and use-after-free conditions can lead to code executionaffects engineering workstations which may have access to design data and manufacturing systemssocial engineering required but no special knowledge needed

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

Teamcenter Visualization V14.3<V14.3.0.1314.3.0.13

Teamcenter Visualization V2312<V2312.00092312.0009

Teamcenter Visualization V2406<V2406.00072406.0007

Teamcenter Visualization V2412<V2412.00022412.0002

Tecnomatix Plant Simulation V2302<V2302.00212302.0021

Tecnomatix Plant Simulation V2404<V2404.00102404.0010

Remediation & Mitigation

0/8

Do now

0/1

WORKAROUNDInstruct engineering teams not to open WRL files from untrusted sources or unexpected email attachments

Schedule — requires maintenance window

0/6

Patching may require device reboot — plan for process interruption

Teamcenter Visualization V14.3

HOTFIXUpdate Teamcenter Visualization V14.3 to version 14.3.0.13 or later

Teamcenter Visualization V2312

HOTFIXUpdate Teamcenter Visualization V2312 to version 2312.0009 or later

Teamcenter Visualization V2406

HOTFIXUpdate Teamcenter Visualization V2406 to version 2406.0007 or later

Teamcenter Visualization V2412

HOTFIXUpdate Teamcenter Visualization V2412 to version 2412.0002 or later

Tecnomatix Plant Simulation V2302

HOTFIXUpdate Tecnomatix Plant Simulation V2302 to version 2302.0021 or later

Tecnomatix Plant Simulation V2404

HOTFIXUpdate Tecnomatix Plant Simulation V2404 to version 2404.0010 or later

Long-term hardening

0/1

HARDENINGImplement email gateway controls to block or warn on WRL file attachments from external senders

CVEs (8)

CVE-2025-23396 CVE-2025-23397 CVE-2025-23398 CVE-2025-23399 CVE-2025-23400 CVE-2025-23401 CVE-2025-23402 CVE-2025-27438

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d7072616-ffe2-4060-a52b-c0281f014bab

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.