OTPulse

Siemens Tecnomatix Plant Simulation

Plan PatchCVSS 7.8ICS-CERT ICSA-25-162-01May 13, 2025
Siemens
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Siemens Tecnomatix Plant Simulation and Teamcenter Visualization contain an out-of-bounds read vulnerability in WRL (VRML) file parsing. When a user opens a malicious WRL file in an affected product, the application could crash or potentially execute arbitrary code. Affected versions are Teamcenter Visualization V14.3 (before 14.3.0.14), V2312 (before 2312.0010), V2406 (before 2406.0008), V2412 (before 2412.0004), and Tecnomatix Plant Simulation V2404 (before 2404.0013). Siemens has released patched versions for all affected products.

What this means
What could happen
An attacker could trick a user into opening a malicious WRL file in Tecnomatix Plant Simulation or Teamcenter Visualization, causing the application to crash or potentially execute arbitrary code on the engineering workstation.
Who's at risk
Engineering and design teams using Siemens Tecnomatix Plant Simulation or Teamcenter Visualization for process simulation, digital twins, and plant design. This affects workstations in manufacturing engineering departments and process design groups.
How it could be exploited
An attacker crafts a malicious WRL (VRML) file and sends it to a user via email or file sharing. When the user opens the file in an affected version of Tecnomatix Plant Simulation or Teamcenter Visualization, the application reads the file and triggers an out-of-bounds memory read. This could allow code execution in the context of the application.
Prerequisites
  • User must open a malicious WRL file in an affected application
  • Attacker must deliver the file to the user (email, file sharing, USB, etc.)
  • User must have an affected version installed
user interaction required (file open)affects engineering workstations not direct OT control systemslocal exploitation onlylow EPSS score (0.1%)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (5)
5 with fix
ProductAffected VersionsFix Status
Teamcenter Visualization V14.3< V14.3.0.1414.3.0.14
Teamcenter Visualization V2312< V2312.00102312.0010
Teamcenter Visualization V2406< V2406.00082406.0008
Teamcenter Visualization V2412< V2412.00042412.0004
Tecnomatix Plant Simulation V2404< V2404.00132404.0013
Remediation & Mitigation
0/6
Do now
0/1
WORKAROUNDDo not open WRL files from untrusted sources in affected applications until patched
Schedule — requires maintenance window
0/5

Patching may require device reboot — plan for process interruption

Tecnomatix Plant Simulation V2404
HOTFIXUpdate Tecnomatix Plant Simulation V2404 to version 2404.0013 or later
Teamcenter Visualization V14.3
HOTFIXUpdate Teamcenter Visualization V14.3 to version 14.3.0.14 or later
Teamcenter Visualization V2312
HOTFIXUpdate Teamcenter Visualization V2312 to version 2312.0010 or later
Teamcenter Visualization V2406
HOTFIXUpdate Teamcenter Visualization V2406 to version 2406.0008 or later
Teamcenter Visualization V2412
HOTFIXUpdate Teamcenter Visualization V2412 to version 2412.0004 or later
View full CISA ICS-CERT advisory
API: /api/v1/advisories/cd6d46d4-682e-40ae-96d1-f3820099384b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.