Siemens Tecnomatix Plant Simulation Improper Access Control Vulnerability Allowing Confidentiality Compromise
Vulnerability
A vulnerability exists in Siemens Tecnomatix Plant Simulation versions V2302 (prior to V2302.0021) and V2404 (prior to V2404.0010). The issue arises because the application fails to adequately restrict file access for simulation models, potentially allowing unauthorized attackers to read or delete arbitrary files, or even access the entire filesystem on the device. This lack of proper access control could lead to a compromise of system confidentiality.
Impact
Exploitation of this vulnerability could result in unauthorized access to files, including the potential to read sensitive information or delete critical files, leading to data loss or disruption of system functionality.
Remediation
Users are advised to update Tecnomatix Plant Simulation to version V2302.0021 or V2404.0010 or later. Additional guidance can be found on the Siemens Support website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.