As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 7.3
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: Teamcenter Visualization and Tecnomatix Plant Simulation
- Vulnerabilities: Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Read, Use After Free
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause the application to crash or potentially lead to arbitrary code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports the following products are affected:
- Teamcenter Visualization V14.3: Versions prior to V14.3.0.13
- Teamcenter Visualization V2312: Versions prior to V2312.0009
- Teamcenter Visualization V2406: Versions prior to V2406.0007
- Teamcenter Visualization V2412: Versions prior to V2412.0002
- Tecnomatix Plant Simulation V2302: Versions prior to V2302.0021
- Tecnomatix Plant Simulation V2404: Versions prior to V2404.0010
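An inventory can be checked against the fixed versions listed above with a short script. This is an added example, not part of the Siemens or CISA advisory; the inventory rows, host names and the `(host, product, version)` layout are constructed assumptions, and installed version strings are assumed to use the same `V…` notation as the advisory.

```python
import re

# Fixed versions per release line, copied from section 3.1 of this advisory.
FIXED = {
    ("Teamcenter Visualization", "V14.3"): "V14.3.0.13",
    ("Teamcenter Visualization", "V2312"): "V2312.0009",
    ("Teamcenter Visualization", "V2406"): "V2406.0007",
    ("Teamcenter Visualization", "V2412"): "V2412.0002",
    ("Tecnomatix Plant Simulation", "V2302"): "V2302.0021",
    ("Tecnomatix Plant Simulation", "V2404"): "V2404.0010",
}

def parse_version(text):
    """'V2312.0009' -> (2312, 9); 'V14.3.0.13' -> (14, 3, 0, 13)."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def assess(product, installed):
    """Return 'affected', 'fixed' or 'not-listed' for one installation."""
    have = parse_version(installed)
    for (name, line), fixed in FIXED.items():
        prefix = parse_version(line)
        # Compare numeric components, so V14.30 is never mistaken for V14.3.
        if name.lower() == product.strip().lower() and have[:len(prefix)] == prefix:
            want = parse_version(fixed)
            width = max(len(have), len(want))
            have, want = (v + (0,) * (width - len(v)) for v in (have, want))
            return "affected" if have < want else "fixed"
    return "not-listed"  # release line does not appear in section 3.1

def triage(inventory):
    """Map each (host, product, version) row to its assessment."""
    return {host: assess(product, version) for host, product, version in inventory}

# Constructed inventory rows (host names and installed versions are made up).
SAMPLE_INVENTORY = [
    ("eng-ws-01", "Teamcenter Visualization", "V14.3.0.12"),
    ("eng-ws-02", "Teamcenter Visualization", "V2312.0009"),
    ("plant-sim-01", "Tecnomatix Plant Simulation", "V2404.0003"),
    ("plant-sim-02", "Tecnomatix Plant Simulation", "V2201.0005"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

A `not-listed` result means only that the release line is absent from section 3.1; the advisory makes no statement about such versions.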
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
The affected applications contain an out-of-bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.
CVE-2025-23396 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS ve
[…]