OTPulse

Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation Before V2302.0018 and V2404.0007

Plan Patch | CVSS 7.8 | SSA-824503 | Nov 18, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Tecnomatix Plant Simulation V2302 (before 2302.0018) and V2404 (before 2404.0007) contain multiple file parsing vulnerabilities in WRL file handling. These vulnerabilities include buffer overflow (CWE-787), out-of-bounds read (CWE-125), use-after-free (CWE-416), and stack-based buffer overflow (CWE-121). When a user opens a malicious WRL file, the application may crash or execute arbitrary code with user privileges.

What this means
What could happen
If an operator or engineer opens a malicious WRL file in Tecnomatix Plant Simulation, the application could crash, losing unsaved work and disrupting simulation activities, or an attacker could execute arbitrary code with the user's privileges on the engineering workstation.
Who's at risk
Manufacturing and process engineering teams who use Siemens Tecnomatix Plant Simulation for digital factory planning, layout simulation, and process optimization. This includes automotive, discrete manufacturing, and consumer goods industries where plant simulation is used on engineering workstations.
How it could be exploited
An attacker creates a malicious WRL (VRML) file and tricks an engineer or operator into opening it using Tecnomatix Plant Simulation. When the file is parsed, one of the parsing vulnerabilities (buffer overflow, out-of-bounds read, or use-after-free) is triggered, causing the application to crash or allowing code execution on the engineering workstation.
Prerequisites
  • User must open a malicious WRL file in Tecnomatix Plant Simulation
  • User interaction required (the file must be explicitly opened by the user)
  • High severity vulnerability
  • Multiple parsing flaws (buffer overflow, out-of-bounds read, use-after-free)
  • Affects engineering workstations where simulation tools run
  • User interaction required to trigger
  • Affects file parsing (WRL format)
  • Arbitrary code execution possible
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Tecnomatix Plant Simulation V2302 | < V2302.0018 | 2302.0018
Tecnomatix Plant Simulation V2404 | < V2404.0007 | 2404.0007
Remediation & Mitigation
Do now
HARDENING: Educate users not to open WRL files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Tecnomatix Plant Simulation V2302
HOTFIX: Update Tecnomatix Plant Simulation V2302 to version 2302.0018 or later
Tecnomatix Plant Simulation V2404
HOTFIX: Update Tecnomatix Plant Simulation V2404 to version 2404.0007 or later
Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation Before V2302.0018 and V2404.0007 | CVSS 7.8 - OTPulse