OTPulse

Out of Bounds Read Vulnerability in Teamcenter Visualization

Plan Patch | 7.8 | SSA-542540 | May 13, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Teamcenter Visualization contains an out-of-bounds read vulnerability in WRL (VRML 3D model) file parsing. When a user opens a malicious WRL file, the application reads beyond allocated memory boundaries, causing a crash or potentially enabling arbitrary code execution on the engineering workstation. Product lines V14.3 through V2412 are affected in all versions before the fixed releases. Siemens has released patched versions for all affected product lines.

What this means
What could happen
An attacker could trick an engineer or designer into opening a malicious 3D model file (.WRL format), causing Teamcenter Visualization to crash or potentially execute arbitrary code on the engineering workstation with that user's privileges.
Who's at risk
Engineering and design teams at utilities and industrial facilities who use Siemens Teamcenter Visualization for 3D plant models, asset design, and process documentation. This affects workstations, not operational equipment directly, but compromised design workstations could be used to modify or exfiltrate critical infrastructure designs.
How it could be exploited
An attacker crafts a malicious WRL (VRML 3D model) file with out-of-bounds data and sends it to an engineer via email or file sharing. When the engineer opens the file in Teamcenter Visualization, the application attempts to parse the malformed file, reads memory beyond the expected bounds, and either crashes or allows code execution. This targets design and engineering personnel rather than operational systems directly.
Prerequisites
  • User must open a malicious WRL file in Teamcenter Visualization
  • No special network access or credentials required
  • Depends on social engineering to deliver the malicious file
  • Requires user interaction (file open)
  • No network access required
  • Low complexity exploit
  • Affects design/engineering workstations
  • Low exploit probability (0.1% EPSS)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Teamcenter Visualization V14.3 | < V14.3.0.14 | 14.3.0.14
Teamcenter Visualization V2312 | < V2312.0010 | 2312.0010
Teamcenter Visualization V2406 | < V2406.0008 | 2406.0008
Teamcenter Visualization V2412 | < V2412.0004 | 2412.0004
Remediation & Mitigation
Do now
WORKAROUND: Educate engineering and design staff not to open 3D model files from untrusted sources or unexpected attachments
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Teamcenter Visualization V14.3
HOTFIX: Update Teamcenter Visualization V14.3 to version 14.3.0.14 or later
Teamcenter Visualization V2312
HOTFIX: Update Teamcenter Visualization V2312 to version 2312.0010 or later
Teamcenter Visualization V2406
HOTFIX: Update Teamcenter Visualization V2406 to version 2406.0008 or later
Teamcenter Visualization V2412
HOTFIX: Update Teamcenter Visualization V2412 to version 2412.0004 or later
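
The fixed versions above can be checked against a workstation inventory to decide which hosts still need the hotfix. The following is an added example, not part of the advisory or any Siemens tooling; the inventory entries are constructed, and it assumes installed versions are reported in the same dotted form the advisory uses.

```python
import re

# Fixed versions copied from the advisory's affected-products table.
FIXED = {
    "V14.3": "14.3.0.14",
    "V2312": "2312.0010",
    "V2406": "2406.0008",
    "V2412": "2412.0004",
}

# Constructed sample inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("eng-ws-01", "14.3.0.9"),
    ("eng-ws-02", "V2312.0010"),
    ("eng-ws-03", "2406.0007"),
    ("eng-ws-04", "2412.0004"),
    ("eng-ws-05", "14.2.0.3"),
]

def parse(version):
    """Turn '14.3.0.9' or 'V2312.0009' into a tuple of ints for numeric comparison."""
    text = version.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in text.split("."))

def product_line(parsed):
    """Return the advisory product line a parsed version belongs to, or None."""
    for line in FIXED:
        prefix = parse(line)
        if parsed[:len(prefix)] == prefix:
            return line
    return None

def triage(version):
    """Classify one installed version as 'affected', 'fixed' or 'not-listed'."""
    parsed = parse(version)
    line = product_line(parsed)
    if line is None:
        return "not-listed"  # product line is outside this advisory's table
    return "affected" if parsed < parse(FIXED[line]) else "fixed"

def report(inventory):
    """Return (host, version, status) for every inventory entry."""
    return [(host, version, triage(version)) for host, version in inventory]

if __name__ == "__main__":
    for host, version, status in report(INVENTORY):
        print(f"{host:10} {version:12} {status}")
```

Each component is compared as an integer because a plain string comparison would rank 14.3.0.9 above 14.3.0.14 and report an affected host as fixed.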