File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Plan Patch | 7.8 | SSA-524778 | Oct 10, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Siemens Tecnomatix Plant Simulation and Parasolid contain multiple file parsing vulnerabilities (CWE-787, CWE-125, CWE-704, CWE-121) in the handling of SPP and IGS file formats. When a user opens a malicious SPP or IGS file, buffer overflows and memory corruption can occur, leading to application crash or arbitrary code execution. The vulnerabilities affect Tecnomatix Plant Simulation V2201 (before 2201.0009), V2302 (before 2302.0003), and Parasolid V35.0 (before 35.0.262), V35.1 (before 35.1.250), and V36.0 (before 36.0.169). Siemens has released patched versions for all affected products.
What this means
What could happen
An attacker could trick an engineer into opening a malicious SPP or IGS file in Tecnomatix Plant Simulation, causing the application to crash or run arbitrary commands with the user's privileges on the engineering workstation.
Who's at risk
Manufacturing and process engineers who use Siemens Tecnomatix Plant Simulation to design and optimize plant layouts and 3D models. Any software that uses the Parasolid geometry engine is also affected. Risk is highest for organizations that receive plant design files from external suppliers or consultants.
How it could be exploited
An attacker creates a malicious SPP or IGS file (plant simulation or CAD geometry files) and tricks an engineer into opening it. The file parsing vulnerability in Siemens' code triggers a buffer overflow or memory corruption flaw, allowing code execution on the engineer's workstation. The attacker then gains access to simulation data or network credentials, or uses the workstation as a pivot point into the plant network.
Prerequisites
- User interaction required: engineer must open a malicious SPP or IGS file
- Vulnerable version of Tecnomatix Plant Simulation or Parasolid installed
- File access to the workstation (via email, file share, USB, or social engineering)
User interaction required | Low complexity to exploit | Buffer overflow and memory corruption bugs | High impact if code execution achieved | Affects engineering workstations with network access
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
Tecnomatix Plant Simulation V2201 | <V2201.0009 | 2201.0009
Tecnomatix Plant Simulation V2302 | <V2302.0003 | 2302.0003
Parasolid V35.0 | <V35.0.262 | 35.0.262
Parasolid V35.1 | <V35.1.250 | 35.1.250
Parasolid V36.0 | <V36.0.169 | 36.0.169
Remediation & Mitigation
Do now
WORKAROUND: Instruct engineers not to open SPP or IGS files from untrusted sources and to verify file origin before opening
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Tecnomatix Plant Simulation V2201
HOTFIX: Update Tecnomatix Plant Simulation V2201 to version 2201.0009 or later
Tecnomatix Plant Simulation V2302
HOTFIX: Update Tecnomatix Plant Simulation V2302 to version 2302.0003 or later
Parasolid V35.0
HOTFIX: Update Parasolid V35.0 to version 35.0.262 or later
Parasolid V35.1
HOTFIX: Update Parasolid V35.1 to version 35.1.250 or later
Parasolid V36.0
HOTFIX: Update Parasolid V36.0 to version 36.0.169 or later
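To turn the hotfix list above into a patch worklist, the following added example (not part of the advisory or any Siemens tooling) checks a software inventory against the fixed versions per release branch. The host names and inventory rows are constructed, and it assumes installed versions are reported in the same dotted form the advisory uses.

```python
import re

# Fixed version per (product, release branch), copied from the advisory's hotfix list.
FIXED = {
    ("Tecnomatix Plant Simulation", "2201"): "2201.0009",
    ("Tecnomatix Plant Simulation", "2302"): "2302.0003",
    ("Parasolid", "35.0"): "35.0.262",
    ("Parasolid", "35.1"): "35.1.250",
    ("Parasolid", "36.0"): "36.0.169",
}

INVENTORY = [  # constructed sample rows: (hypothetical host, product, installed version)
    ("eng-ws-01", "Tecnomatix Plant Simulation", "V2201.0008"),
    ("eng-ws-02", "Tecnomatix Plant Simulation", "2302.0003"),
    ("eng-ws-03", "Parasolid", "35.1.249"),
    ("eng-ws-04", "Parasolid", "36.0.169"),
    ("eng-ws-05", "Parasolid", "34.1.100"),
]

def parse(version):
    """'V2201.0009' -> (2201, 9); integer components so zero padding cannot skew ordering."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def assess(product, installed):
    """Return (status, fixed_version); status is 'affected', 'fixed' or 'unlisted'."""
    ver = parse(installed)
    # Plant Simulation branches are one component (2201); Parasolid branches are two (35.1).
    width = 1 if product.startswith("Tecnomatix") else 2
    branch = ".".join(str(p) for p in ver[:width])
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return "unlisted", None  # branch not named in the advisory: review manually
    status = "affected" if ver < parse(fixed) else "fixed"
    return status, fixed

def report(inventory):
    """Assess every inventory row; returns (host, status, fixed_version) tuples."""
    return [(host, *assess(product, installed)) for host, product, installed in inventory]

if __name__ == "__main__":
    for host, status, fixed in report(INVENTORY):
        print(f"{host}: {status}" + (f" (update to {fixed} or later)" if status == "affected" else ""))
```

A branch outside the five listed is reported as `unlisted` rather than treated as safe, since the advisory makes no statement about it.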
CVEs (9)