Siemens Tecnomatix Plant Simulation

MonitorCVSS 6.8ICS-CERT ICSA-25-072-08Mar 11, 2025

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens Tecnomatix Plant Simulation V2302 (before version 2302.0021) and V2404 (before version 2404.0010) do not properly restrict the simulation engine's access to the filesystem. A user with local access to the device can exploit this to read or delete arbitrary files on the operating system.

What this means

What could happen

An attacker with local access to a device running Siemens Tecnomatix Plant Simulation could read, modify, or delete arbitrary files on the filesystem, potentially compromising simulation data, configuration files, or causing the simulation to malfunction.

Who's at risk

Engineering and modeling teams using Siemens Tecnomatix Plant Simulation for manufacturing process simulation, plant layout design, and production planning. This primarily affects mid-size manufacturers, automotive suppliers, and process engineering departments that depend on simulation for planning and optimization.

How it could be exploited

An attacker with local access to the device opens or runs a simulation model file. The vulnerability in the simulation engine does not properly isolate filesystem access, allowing the attacker to read sensitive files outside the intended simulation directory or delete critical files on the operating system.

Prerequisites

Local access to the device (physical or via remote desktop/RDP)
Ability to open or trigger a simulation model file
No special credentials required to trigger the vulnerability

Local access requiredLow attack complexityNo authentication barrierArbitrary file deletion possible

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Tecnomatix Plant Simulation V2302<V2302.00212302.0021

Tecnomatix Plant Simulation V2404<V2404.00102404.0010

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict local access to Tecnomatix Plant Simulation devices to authorized personnel only; limit remote access (RDP/remote desktop) to trusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Tecnomatix Plant Simulation V2302

HOTFIXUpdate Tecnomatix Plant Simulation V2302 to version 2302.0021 or later

Tecnomatix Plant Simulation V2404

HOTFIXUpdate Tecnomatix Plant Simulation V2404 to version 2404.0010 or later

Long-term hardening

0/1

HARDENINGIsolate the network containing Tecnomatix Plant Simulation systems from business networks using a firewall or air-gap

CVEs (2)

CVE-2025-25266 CVE-2025-25267

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/991ace29-42d4-4a46-8fbe-e85e238a4027

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.