OTPulse

Multiple File Parsing Vulnerabilities in Tecnomatix Plant Simulation

Plan Patch | CVSS 7.8 | SSA-017796 | Feb 13, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities in WRL, PSOBJ, and SPP file formats. When a user opens a malicious file in one of these formats, the application may crash or allow arbitrary code execution due to buffer overflow and null pointer dereference issues (CWE-787, CWE-122, CWE-121, CWE-476, CWE-125).

What this means
What could happen
An attacker who tricks a plant engineer into opening a malicious design or model file could crash the simulation software or run arbitrary code on the engineering workstation, potentially allowing access to plant configuration data or other systems on the network.
Who's at risk
This affects manufacturing and process engineering teams who use Tecnomatix Plant Simulation for virtual plant modeling and digital twin development. Risk is highest for users who receive design files or model libraries from external sources, contractors, or untrusted repositories. Engineering workstations running affected versions are at risk.
How it could be exploited
An attacker crafts a malicious WRL, PSOBJ, or SPP file (common 3D model and plant layout formats) and sends it to a plant engineer via email, file sharing, or a compromised repository. When the engineer opens the file in Tecnomatix Plant Simulation, the vulnerable parser triggers a buffer overflow or null pointer dereference, crashing the app or executing attacker code with the user's privileges.
Prerequisites
  • User must open a malicious file with Plant Simulation
  • File must be in WRL, PSOBJ, or SPP format
  • User must have Tecnomatix Plant Simulation installed on their workstation
  • Low local attack complexity
  • User interaction required (file open)
  • High CVSS score (7.8)
  • Buffer overflow vulnerabilities
  • No patch available for V2201 all versions
  • Engineering workstations involved
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
Product                              Affected Versions   Fix Status
Tecnomatix Plant Simulation V2201    <V2201.0012         2201.0012
Tecnomatix Plant Simulation V2302    <V2302.0006         2302.0006
Tecnomatix Plant Simulation V2302    <V2302.0007         2302.0007
Tecnomatix Plant Simulation V2201    All versions        2201.0012
Remediation & Mitigation
Do now
WORKAROUND: Implement file validation and scanning for WRL, PSOBJ, and SPP files before opening in Plant Simulation
HARDENING: Educate plant engineers to avoid opening design or model files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Tecnomatix Plant Simulation V2201
HOTFIX: Update Tecnomatix Plant Simulation V2201 to version 2201.0012 or later
Tecnomatix Plant Simulation V2302
HOTFIX: Update Tecnomatix Plant Simulation V2302 to version 2302.0006 or 2302.0007 or later
Long-term hardening
HARDENING: Restrict user permissions on engineering workstations to prevent untrusted files from being opened in Plant Simulation