OTPulse

Out of Bounds Read Vulnerability in Tecnomatix Plant Simulation Before 2404

Plan Patch | CVSS 7.8 | SSA-486186 | Jun 10, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Siemens Tecnomatix Plant Simulation versions before V2404.0013 contain an out-of-bounds read vulnerability in WRL file parsing. A malicious WRL file can trigger the vulnerability when opened, causing the application to crash or potentially allowing arbitrary code execution with the privileges of the user running the application.

What this means
What could happen
An attacker could crash Tecnomatix Plant Simulation or potentially execute arbitrary code by tricking a user into opening a malicious WRL file, disrupting plant design and simulation work.
Who's at risk
This affects Siemens Tecnomatix Plant Simulation users responsible for manufacturing plant design, layout simulation, and digital factory planning. Any facility using Tecnomatix for process modeling, logistics simulation, or factory layout should prioritize patching to prevent disruption to design workflows.
How it could be exploited
An attacker creates a malicious WRL (Virtual Reality Markup Language) file crafted to trigger the out-of-bounds read. The attacker tricks a user who has Tecnomatix Plant Simulation installed into opening the file. The application reads the malformed file data, causing a crash or potentially executing attacker code with the user's privileges.
Prerequisites
  • User with Tecnomatix Plant Simulation installed
  • User must be socially engineered or deceived into opening a malicious WRL file
  • Affected version (before V2404.0013) must be in use
  • Low attack complexity
  • User interaction required (file opening)
  • Local attack vector only
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Tecnomatix Plant Simulation V2404 | < V2404.0013 | 2404.0013
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Tecnomatix Plant Simulation to version 2404.0013 or later