Improper Access Control Vulnerabilities in Tecnomatix Plant Simulation
Monitor | 6.8 | SSA-507653 | Mar 11, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens Tecnomatix Plant Simulation versions V2302 (before V2302.0021) and V2404 (before V2404.0010) do not properly restrict filesystem access from the simulation model. An attacker with local access to a Tecnomatix workstation could exploit this to read or delete arbitrary files on that device, including simulation models, configuration files, or other user data stored on the system.
What this means
What could happen
An attacker with local access to a Tecnomatix Plant Simulation installation could read or delete arbitrary files on the system, potentially compromising simulation models, historical data, or other critical files stored on the same device.
Who's at risk
Engineering teams and process planners who use Siemens Tecnomatix Plant Simulation for digital factory planning and optimization. This includes automotive manufacturing, discrete parts production, and other sectors that rely on simulation for production layout and process validation.
How it could be exploited
An attacker with local access to the affected system can exploit improper filesystem access controls in Tecnomatix Plant Simulation to read or delete files outside the intended simulation model directory. This requires the attacker to have execution privileges on the simulation workstation.
Prerequisites
- Local access to the Tecnomatix Plant Simulation workstation
- Ability to execute commands or interact with the Plant Simulation application
Low complexity attack | No authentication required | Affects simulation and planning systems
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Tecnomatix Plant Simulation V2302 | < V2302.0021 | 2302.0021
Tecnomatix Plant Simulation V2404 | < V2404.0010 | 2404.0010
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Tecnomatix Plant Simulation V2302
HOTFIX: Update Tecnomatix Plant Simulation V2302 to version 2302.0021 or later
Tecnomatix Plant Simulation V2404
HOTFIX: Update Tecnomatix Plant Simulation V2404 to version 2404.0010 or later
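To turn the version table into a patch worklist, the following added example (not part of the advisory and not Siemens tooling) classifies an inventory of workstations against the fixed builds listed above. The inventory format, hostnames and installed version strings are constructed assumptions; how the installed version is collected from each workstation is outside the example.

```python
import re

# Fixed builds per release line, taken from the advisory's affected-products table.
FIXED_BUILD = {"2302": 21, "2404": 10}

# Accepts both spellings used on the page: "V2302.0021" and "2302.0021".
VERSION_RE = re.compile(r"^\s*V?(\d{4})\.(\d{1,4})\s*$", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'fixed', 'not_listed' or 'unparseable' for one version string."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unparseable"  # never guess: flag the host for manual review
    line, build = m.group(1), int(m.group(2))
    fixed = FIXED_BUILD.get(line)
    if fixed is None:
        return "not_listed"  # release line the advisory does not mention
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Group (host, version) pairs by status; affected hosts get their target build."""
    report = {"affected": [], "fixed": [], "not_listed": [], "unparseable": []}
    for host, version in inventory:
        status = classify(version)
        entry = {"host": host, "version": version}
        if status == "affected":
            line = VERSION_RE.match(version).group(1)
            entry["update_to"] = f"{line}.{FIXED_BUILD[line]:04d}"
        report[status].append(entry)
    return report


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "V2302.0020"),
    ("eng-ws-02", "2302.0021"),
    ("eng-ws-03", "V2404.0009"),
    ("eng-ws-04", "2404.0012"),
    ("eng-ws-05", "V2201.0005"),  # constructed release line outside the advisory's table
    ("eng-ws-06", "unknown"),
]

if __name__ == "__main__":
    for status, entries in triage(SAMPLE_INVENTORY).items():
        for e in entries:
            target = f" -> update to {e['update_to']} or later" if "update_to" in e else ""
            print(f"{status:12} {e['host']:10} {e['version']}{target}")
```

Hosts reported as not_listed or unparseable are not cleared by this check; the advisory only states the status of the V2302 and V2404 release lines.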
CVEs (2)
API:
/api/v1/advisories/f9c40305-c4cb-4033-afe7-10cd2915e187