Siemens Teamcenter Visualization and Tecnomatix Plant Simulation Out-of-Bounds Read Vulnerability Allowing Code Execution

Vulnerability

A vulnerability exists in Siemens Teamcenter Visualization versions 14.3 prior to 14.3.0.13, V2312 prior to V2312.0009, V2406 prior to V2406.0007, and V2412 prior to V2412.0002, as well as in Tecnomatix Plant Simulation versions V2302 prior to V2302.0021 and V2404 prior to V2404.0010. The vulnerability involves an out-of-bounds read past the end of an allocated structure when the application parses specially crafted WRL files. This flaw could enable an attacker to execute code within the context of the current process.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the current process.

Remediation

Users are advised to update to the latest versions of the affected products. For Teamcenter Visualization, update to version 14.3.0.13 or later, version V2312.0009 or later, version V2406.0007 or later, or version V2412.0002 or later, whichever matches the installed release line. For Tecnomatix Plant Simulation, update to version V2302.0021 or later or version V2404.0010 or later, again matching the installed release line.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 10.0
exploitability: 4.4
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.