Siemens Teamcenter Visualization and Tecnomatix Plant Simulation Memory Corruption Vulnerability Allowing Code Execution

A memory corruption vulnerability has been identified in multiple versions of Siemens Teamcenter Visualization and Tecnomatix Plant Simulation. The issue arises while the applications parse specially crafted WRL files, potentially allowing an attacker to execute code in the context of the current process. Affected products include Teamcenter Visualization V14.3 (all versions prior to V14.3.0.13), V2312 (all versions prior to V2312.0009), V2406 (all versions prior to V2406.0007), V2412 (all versions prior to V2412.0002), Tecnomatix Plant Simulation V2302 (all versions prior to V2302.0021) and V2404 (all versions prior to V2404.0010).

Impact

Exploitation of this vulnerability could lead to memory corruption, allowing for arbitrary code execution in the context of the current process.

Remediation

Users are advised to update to the latest versions of the affected products. Specific update instructions can be found on the Siemens Support website. As a general security measure, Siemens recommends not opening untrusted WRL files in the affected applications.