SecuriTricks - CVE-2024-52568

Description

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)

Product(s) Impacted

Vendor	Product	Versions
Siemens	Tecnomatix Plant Simulation	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416

Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	siemens	tecnomatix_plant_simulation	/	/	/	/	/	/	/	/
a	siemens	tecnomatix_plant_simulation	/	/	/	/	/	/	/	/

References

https://cert-portal.siemens.com/productcert/html/ssa-645131.html

https://cert-portal.siemens.com/productcert/html/ssa-824503.html

CVSS Score

7.8 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Nov. 18, 2024, 4:15 p.m.
Last Modified: Dec. 10, 2024, 2:30 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productcert@siemens.com

CVE-2024-52568