Siemens Tecnomatix Plant Simulation

Monitor6.8ICS-CERT ICSA-25-072-08Mar 11, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens Tecnomatix Plant Simulation versions V2302 (before 2302.0021) and V2404 (before 2404.0010) do not properly restrict simulation model access to the filesystem. An attacker with local access could exploit improper filesystem access controls to read, modify, or delete arbitrary files on the affected device, including critical simulation data and system files.

What this means

What could happen

An attacker with local access to a device running Tecnomatix Plant Simulation could read, modify, or delete arbitrary files on the system, potentially compromising simulation data, configuration files, or causing the simulation environment to become unusable.

Who's at risk

This vulnerability affects organizations using Siemens Tecnomatix Plant Simulation for manufacturing process modeling and simulation. It is relevant to automotive, machinery, and discrete manufacturing facilities that rely on simulation workstations for production planning and process optimization.

How it could be exploited

An attacker must first gain local access to the device running Tecnomatix Plant Simulation. Once local, they can craft a malicious simulation model that exploits improper filesystem access controls to read or delete arbitrary files outside the intended simulation directory, bypassing the application's intended filesystem restrictions.

Prerequisites

Local access to the device running Tecnomatix Plant Simulation
Ability to create or modify simulation model files
No authentication credentials required for exploitation once local access is achieved

local access requiredaffects simulation and planning infrastructurecan cause data loss or corruptionno authentication required for exploitation

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Tecnomatix Plant Simulation V2302<V2302.00212302.0021

Tecnomatix Plant Simulation V2404<V2404.00102404.0010

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict local access to devices running Tecnomatix Plant Simulation to authorized personnel only

WORKAROUNDDisable or restrict local login capabilities on simulation devices if not required for operations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Tecnomatix Plant Simulation V2302

HOTFIXUpdate Tecnomatix Plant Simulation V2302 to version 2302.0021 or later

Tecnomatix Plant Simulation V2404

HOTFIXUpdate Tecnomatix Plant Simulation V2404 to version 2404.0010 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate simulation environments from general IT networks

CVEs (2)

CVE-2025-25266 CVE-2025-25267

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/991ace29-42d4-4a46-8fbe-e85e238a4027