OTPulse
FeedAboutContact

MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0011

Plan Patch7.8SSA-923361May 14, 2024
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Tecnomatix Plant Simulation V2302 (before V2302.0011) contains an out-of-bounds write vulnerability triggered when reading malicious MODEL files. If a user opens a crafted MODEL file, the application may crash or execute arbitrary code with the user's privileges. Siemens has released V2302.0011 with a fix.

What this means
What could happen
A user could be tricked into opening a malicious MODEL file that crashes Tecnomatix Plant Simulation or executes arbitrary code on their engineering workstation with the user's privileges.
Who's at risk
Plant engineers and CAD operators at manufacturing facilities who use Tecnomatix Plant Simulation for 3D plant modeling and virtual commissioning. This includes automotive, heavy equipment, and discrete manufacturing sectors.
How it could be exploited
An attacker sends a crafted MODEL file to a plant engineer. When the engineer opens the file in Tecnomatix Plant Simulation, a buffer overflow in the file parser allows the attacker to execute commands on the workstation. This could be used to steal design files, modify plant simulation data, or pivot into the plant network.
Prerequisites
  • User must open a malicious MODEL file with Tecnomatix Plant Simulation
  • The affected version (before V2302.0011) must be installed
  • Social engineering or file sharing needed to deliver the malicious file
low complexityuser interaction requiredaffects engineering workstations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Tecnomatix Plant Simulation V2302<V2302.00112302.0011
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Tecnomatix Plant Simulation to V2302.0011 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/625281cc-1f3e-4488-a371-27422bb80c59