Siemens Tecnomatix Plant Simulation

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-162-01 | May 13, 2025
Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Tecnomatix Plant Simulation and Teamcenter Visualization contain an out-of-bounds read vulnerability in WRL (VRML) file parsing. When a user opens a malicious WRL file in an affected product, the application could crash or potentially execute arbitrary code. Affected versions are Teamcenter Visualization V14.3 (before 14.3.0.14), V2312 (before 2312.0010), V2406 (before 2406.0008), V2412 (before 2412.0004), and Tecnomatix Plant Simulation V2404 (before 2404.0013). Siemens has released patched versions for all affected products.

What this means
What could happen
An attacker could trick a user into opening a malicious WRL file in Tecnomatix Plant Simulation or Teamcenter Visualization, causing the application to crash or potentially execute arbitrary code on the engineering workstation.
Who's at risk
Engineering and design teams using Siemens Tecnomatix Plant Simulation or Teamcenter Visualization for process simulation, digital twins, and plant design. This affects workstations in manufacturing engineering departments and process design groups.
How it could be exploited
An attacker crafts a malicious WRL (VRML) file and sends it to a user via email or file sharing. When the user opens the file in an affected version of Tecnomatix Plant Simulation or Teamcenter Visualization, the application reads the file and triggers an out-of-bounds memory read. This could allow code execution in the context of the application.
Prerequisites
  • User must open a malicious WRL file in an affected application
  • Attacker must deliver the file to the user (email, file sharing, USB, etc.)
  • User must have an affected version installed

user interaction required (file open) | affects engineering workstations not direct OT control systems | local exploitation only | low EPSS score (0.1%)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
Teamcenter Visualization V14.3 | < V14.3.0.14 | 14.3.0.14
Teamcenter Visualization V2312 | < V2312.0010 | 2312.0010
Teamcenter Visualization V2406 | < V2406.0008 | 2406.0008
Teamcenter Visualization V2412 | < V2412.0004 | 2412.0004
Tecnomatix Plant Simulation V2404 | < V2404.0013 | 2404.0013
Remediation & Mitigation
Do now
WORKAROUND: Do not open WRL files from untrusted sources in affected applications until patched
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Tecnomatix Plant Simulation V2404
HOTFIX: Update Tecnomatix Plant Simulation V2404 to version 2404.0013 or later
Teamcenter Visualization V14.3
HOTFIX: Update Teamcenter Visualization V14.3 to version 14.3.0.14 or later
Teamcenter Visualization V2312
HOTFIX: Update Teamcenter Visualization V2312 to version 2312.0010 or later
Teamcenter Visualization V2406
HOTFIX: Update Teamcenter Visualization V2406 to version 2406.0008 or later
Teamcenter Visualization V2412
HOTFIX: Update Teamcenter Visualization V2412 to version 2412.0004 or later
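
An added example, not part of the original advisory or any Siemens tooling: a Python check that compares installed versions from an asset inventory against the fix versions listed above. The inventory rows and host names are constructed sample data, and a "not-listed" result only means the release line does not appear in this advisory's table.

```python
# Fix versions copied from this advisory's affected-products table.
# Key: (product, release line) -> first fixed version.
FIXED = {
    ("Teamcenter Visualization", "14.3"): "14.3.0.14",
    ("Teamcenter Visualization", "2312"): "2312.0010",
    ("Teamcenter Visualization", "2406"): "2406.0008",
    ("Teamcenter Visualization", "2412"): "2412.0004",
    ("Tecnomatix Plant Simulation", "2404"): "2404.0013",
}

def parse_version(text):
    """'V2404.0013' -> (2404, 13): drops a 'V' prefix and leading zeros."""
    parts = text.strip().lstrip("Vv").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(product, installed):
    """Return 'vulnerable', 'fixed' or 'not-listed' for one installation."""
    have = parse_version(installed)
    for (name, line), fix in FIXED.items():
        prefix = parse_version(line)
        if name != product or have[:len(prefix)] != prefix:
            continue
        want = parse_version(fix)
        # Pad so '2404.13' and '2404.13.0' compare equal.
        width = max(len(have), len(want))
        have_p = have + (0,) * (width - len(have))
        want_p = want + (0,) * (width - len(want))
        return "vulnerable" if have_p < want_p else "fixed"
    return "not-listed"  # release line is not in this advisory's table

def report(inventory):
    """Attach a triage status to each (host, product, version) row."""
    return [(h, p, v, triage(p, v)) for h, p, v in inventory]

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("eng-ws-01", "Teamcenter Visualization", "V14.3.0.12"),
    ("eng-ws-02", "Teamcenter Visualization", "2412.0004"),
    ("eng-ws-03", "Tecnomatix Plant Simulation", "2404.0012"),
    ("eng-ws-04", "Tecnomatix Plant Simulation", "2302.0020"),
]

if __name__ == "__main__":
    for host, product, version, status in report(SAMPLE):
        print(f"{host:10} {product:28} {version:12} {status}")
```

Matching on both product name and release line keeps a Teamcenter fix level from being applied to a Tecnomatix install that happens to share a release number.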