CVE-2024-23802

Published: Feb 13, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

Affected (2)

Products: Siemens: Tecnomatix Plant Simulation

1 product

Tecnomatix Plant Simulation

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Tecnomatix Plant Simulation	Before 2201.0012
Siemens Tecnomatix Plant Simulation	From 2302.0 to 2302.0006

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-017796.html

Source: productcert@siemens.com

MitigationPatchVendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-017796.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.