CVE-2025-23396

March 11, 2025, 10:15 a.m.

7.8
High

Description

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

Product(s) Impacted

Vendor Product Versions
Siemens
  • Teamcenter Visualization
  • Tecnomatix Plant Simulation
  • 14.3, 2312, 2406, 2412
  • 2302, 2404

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a siemens teamcenter_visualization 14.3 / / / / / / /
a siemens teamcenter_visualization 2312 / / / / / / /
a siemens teamcenter_visualization 2406 / / / / / / /
a siemens teamcenter_visualization 2412 / / / / / / /
a siemens tecnomatix_plant_simulation 2302 / / / / / / /
a siemens tecnomatix_plant_simulation 2404 / / / / / / /

References

https://cert-portal.siemens.com/productcert/html/ssa-050438.html

Tags

CWE-787
productcert@siemens.com
2025-03-11
CVE-2025-23396

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: March 11, 2025, 10:15 a.m.
Last Modified: March 11, 2025, 10:15 a.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

productcert@siemens.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.