Vulnerabilites related to Siemens - Tecnomatix Plant Simulation V2302
cve-2024-52574
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52574", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T17:58:40.018851Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:08:38.549Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:10.791Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52574", datePublished: "2024-11-18T15:39:38.552Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:10.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23402
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:29
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.
An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23402", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:28:48.184791Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:29:22.710Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:18.241Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23402", datePublished: "2025-03-11T09:48:18.241Z", dateReserved: "2025-01-15T14:20:46.047Z", dateUpdated: "2025-03-11T14:29:22.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45474
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45474", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:31:40.050956Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:32:54.192Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:46.678Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45474", datePublished: "2024-10-08T08:40:35.938Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:46.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37374
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 16:59
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37374", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T16:59:42.616277Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T16:59:50.279Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:10.553Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37374", datePublished: "2023-07-11T09:07:26.462Z", dateReserved: "2023-07-03T13:24:27.345Z", dateUpdated: "2024-11-08T16:59:50.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38075
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:27.558Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38075", datePublished: "2023-09-12T09:32:19.039Z", dateReserved: "2023-07-12T13:18:53.823Z", dateUpdated: "2024-08-02T17:30:13.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45466
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45466", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:54:14.322264Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:55:03.070Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:36.281Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45466", datePublished: "2024-10-08T08:40:24.789Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:36.281Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52569
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52569", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T18:56:43.464014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:57:44.608Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:04.159Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52569", datePublished: "2024-11-18T15:39:29.963Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:04.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45473
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45473", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:33:29.982590Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:34:24.919Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:45.407Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45473", datePublished: "2024-10-08T08:40:34.496Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:45.407Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44083
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44083", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:18.395402Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:31.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:34.659Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44083", datePublished: "2023-10-10T10:21:34.659Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:31.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38072
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:23.586Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38072", datePublished: "2023-09-12T09:32:15.739Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:13.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44087
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.030Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44087", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:12.487618Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:06.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:40.787Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44087", datePublished: "2023-10-10T10:21:40.787Z", dateReserved: "2023-09-25T08:18:20.818Z", dateUpdated: "2025-02-27T20:45:06.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45475
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2403.0000", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45475", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:24:10.037333Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-16T19:37:08.060Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:47.953Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45475", datePublished: "2024-10-08T08:40:37.369Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:47.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52567
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52567", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T19:02:36.401253Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T19:04:07.097Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:01.572Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52567", datePublished: "2024-11-18T15:39:26.910Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:01.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23803
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < * |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:19.548Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23803", datePublished: "2024-02-13T09:00:19.548Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-08-01T23:13:08.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45476
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45476", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:23:31.015742Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:23:40.620Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:49.212Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45476", datePublished: "2024-10-08T08:40:38.819Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:49.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38070
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:21.001Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38070", datePublished: "2023-09-12T09:32:13.603Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32639
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974)
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | Tecnomatix Plant Simulation V2302 |
Version: 0 < V2302.0011 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2302.0011:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0011", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32639", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-28T19:50:12.033377Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:51:09.106Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.378Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-923361.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0011", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T07:24:33.413Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-923361.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32639", datePublished: "2024-05-14T10:02:45.885Z", dateReserved: "2024-04-16T13:41:33.894Z", dateUpdated: "2024-08-02T02:13:40.378Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52570
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52570", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T18:54:23.506856Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:55:49.764Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:05.476Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52570", datePublished: "2024-11-18T15:39:32.522Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:05.476Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23399
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 15:05
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23399", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T15:02:55.935480Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T15:05:09.830Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:13.954Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23399", datePublished: "2025-03-11T09:48:13.954Z", dateReserved: "2025-01-15T14:20:46.047Z", dateUpdated: "2025-03-11T15:05:09.830Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38074
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.057Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:26.239Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38074", datePublished: "2023-09-12T09:32:17.948Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23801
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < * |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-23801", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T16:03:05.531765Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:20:53.898Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:13:07.365Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:16.989Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23801", datePublished: "2024-02-13T09:00:16.989Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-08-01T23:13:07.365Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52568
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.
An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52568", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T19:00:13.859137Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T19:01:12.420Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:02.868Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52568", datePublished: "2024-11-18T15:39:28.462Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:02.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52573
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52573", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T17:58:35.292347Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:08:38.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:09.478Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52573", datePublished: "2024-11-18T15:39:37.042Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:09.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38681
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:18:05.452383Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:18:14.715Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:23.381Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38681", datePublished: "2023-08-08T09:20:46.256Z", dateReserved: "2023-07-24T09:52:57.446Z", dateUpdated: "2024-10-11T13:18:14.715Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37376
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-07 17:59
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37376", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T17:59:41.050136Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T17:59:55.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:12.593Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37376", datePublished: "2023-07-11T09:07:28.531Z", dateReserved: "2023-07-03T13:24:27.346Z", dateUpdated: "2024-11-07T17:59:55.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45204
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2024-09-18 18:44
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:20.061Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45204", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T18:43:33.428433Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T18:44:39.869Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-704", description: "CWE-704: Incorrect Type Conversion or Cast", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:44.994Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-45204", datePublished: "2023-10-10T10:21:44.994Z", dateReserved: "2023-10-05T15:37:13.907Z", dateUpdated: "2024-09-18T18:44:39.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38073
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:24.893Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38073", datePublished: "2023-09-12T09:32:16.855Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45470
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45470", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:58:46.110148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:59:39.102Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:41.482Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45470", datePublished: "2024-10-08T08:40:30.348Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:41.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37246
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 17:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T17:10:15.367660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T17:10:22.170Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:07.501Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37246", datePublished: "2023-07-11T09:07:23.336Z", dateReserved: "2023-06-29T13:22:36.408Z", dateUpdated: "2024-11-08T17:10:22.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45467
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45467", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:38:23.939172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:39:16.044Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:37.546Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45467", datePublished: "2024-10-08T08:40:26.225Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:37.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52571
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52571", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T16:33:26.041394Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:34:15.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:06.770Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52571", datePublished: "2024-11-18T15:39:34.061Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:06.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23796
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-27 14:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < V2201.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T16:59:53.971466Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-27T14:29:39.509Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "V2201.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0006", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:10.640Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23796", datePublished: "2024-02-13T09:00:10.640Z", dateReserved: "2024-01-22T10:34:49.955Z", dateUpdated: "2024-08-27T14:29:39.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38071
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-11-25 21:17
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38071", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T21:17:44.338467Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T21:17:56.790Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:22.297Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38071", datePublished: "2023-09-12T09:32:14.673Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-11-25T21:17:56.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38679
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:51
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38679", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:51:35.961319Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:51:47.510Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:21.363Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38679", datePublished: "2023-08-08T09:20:44.162Z", dateReserved: "2023-07-24T09:52:57.445Z", dateUpdated: "2024-10-11T13:51:47.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45465
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45465", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:55:28.386353Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:56:10.204Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:34.990Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45465", datePublished: "2024-10-08T08:40:23.411Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:34.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44081
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:11.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44081", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:21.197919Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:48.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:31.775Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44081", datePublished: "2023-10-10T10:21:31.775Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:48.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45601
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2024-09-19 14:07
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V35.0 |
Version: All versions < V35.0.262 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:21:16.597Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45601", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T14:07:38.593206Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T14:07:50.300Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.262", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.250", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V36.0.169", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:47.253Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-45601", datePublished: "2023-10-10T10:21:47.253Z", dateReserved: "2023-10-09T09:36:15.785Z", dateUpdated: "2024-09-19T14:07:50.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23797
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-16 19:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < V2201.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:07.485Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2301.0012", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2302.0006", status: "affected", version: "2302.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-23797", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T19:11:57.746728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T19:16:15.675Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "V2201.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0006", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:12.025Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23797", datePublished: "2024-02-13T09:00:12.025Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-08-16T19:16:15.675Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23802
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < V2201.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.424Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "V2201.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0006", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:18.318Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23802", datePublished: "2024-02-13T09:00:18.318Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-08-01T23:13:08.424Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44082
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44082", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:19.981746Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:39.822Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:32.863Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44082", datePublished: "2023-10-10T10:21:32.863Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:39.822Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23804
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-21 17:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < V2201.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2201.0012", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2302.0006", status: "affected", version: "2302.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-23804", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-21T17:35:02.274329Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-21T17:39:08.064Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "V2201.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0006", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:20.764Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23804", datePublished: "2024-02-13T09:00:20.764Z", dateReserved: "2024-01-22T10:34:49.957Z", dateUpdated: "2024-08-21T17:39:08.064Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53041
Vulnerability from cvelistv5
Published
2024-12-10 13:54
Modified
2024-12-10 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53041", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T15:17:30.639993Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:17:19.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:12.113Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-53041", datePublished: "2024-12-10T13:54:12.113Z", dateReserved: "2024-11-19T16:38:17.725Z", dateUpdated: "2024-12-10T17:17:19.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23400
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23400", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:57:36.559116Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:59:33.908Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:15.383Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23400", datePublished: "2025-03-11T09:48:15.383Z", dateReserved: "2025-01-15T14:20:46.047Z", dateUpdated: "2025-03-11T14:59:33.908Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23800
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < * |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-23800", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T15:03:48.067264Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:20:53.092Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:15.818Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23800", datePublished: "2024-02-13T09:00:15.818Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-08-01T23:13:08.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44085
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44085", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:15.878313Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:19.821Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:38.664Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44085", datePublished: "2023-10-10T10:21:38.664Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:19.821Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52565
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52565", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T20:14:21.266990Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T20:15:13.258Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:58.951Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52565", datePublished: "2024-11-18T15:39:23.758Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:53:58.951Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35303
Vulnerability from cvelistv5
Published
2024-06-11 11:15
Modified
2024-08-02 03:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2302 |
Version: 0 < V2302.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35303", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-11T14:16:05.232020Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-11T14:16:23.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-900277.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0001", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-704", description: "CWE-704: Incorrect Type Conversion or Cast", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-11T14:20:58.467Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-900277.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-35303", datePublished: "2024-06-11T11:15:57.792Z", dateReserved: "2024-05-16T11:15:28.741Z", dateUpdated: "2024-08-02T03:07:46.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23401
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:31
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23401", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:30:32.123564Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:31:03.615Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:16.806Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23401", datePublished: "2025-03-11T09:48:16.806Z", dateReserved: "2025-01-15T14:20:46.047Z", dateUpdated: "2025-03-11T14:31:03.615Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38076
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:28.851Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38076", datePublished: "2023-09-12T09:32:20.160Z", dateReserved: "2023-07-12T13:18:53.823Z", dateUpdated: "2024-08-02T17:30:13.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23795
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < V2201.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "V2201.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0006", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:09.340Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23795", datePublished: "2024-02-13T09:00:09.340Z", dateReserved: "2024-01-22T10:34:49.955Z", dateUpdated: "2024-08-01T23:13:08.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41170
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2024-09-10 15:08
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2302 |
Version: 0 < V2302.0015 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0015", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0004", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-41170", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T15:04:15.592651Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T15:08:25.467Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0015", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T09:36:44.999Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-427715.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-41170", datePublished: "2024-09-10T09:36:44.999Z", dateReserved: "2024-07-17T09:39:41.088Z", dateUpdated: "2024-09-10T15:08:25.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38680
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38680", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:18:33.968086Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:18:43.701Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:22.373Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38680", datePublished: "2023-08-08T09:20:45.202Z", dateReserved: "2023-07-24T09:52:57.445Z", dateUpdated: "2024-10-11T13:18:43.701Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45463
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45463", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:57:35.555424Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:58:18.764Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:32.457Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45463", datePublished: "2024-10-08T08:40:20.648Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:32.457Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45472
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45472", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:35:13.200910Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:36:03.973Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:44.084Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45472", datePublished: "2024-10-08T08:40:33.124Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:44.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44086
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:11.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44086", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:14.688729Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:12.805Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:39.731Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44086", datePublished: "2023-10-10T10:21:39.731Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:12.805Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45471
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45471", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:36:27.266520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:37:15.861Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:42.763Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45471", datePublished: "2024-10-08T08:40:31.722Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:42.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52572
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52572", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T17:58:30.237542Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:08:38.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:08.165Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52572", datePublished: "2024-11-18T15:39:35.577Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:08.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45469
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45469", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:00:04.351211Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:00:51.654Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:40.143Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45469", datePublished: "2024-10-08T08:40:28.955Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:40.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37247
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 17:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:32.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37247", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T17:05:01.820528Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T17:05:21.064Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:08.515Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37247", datePublished: "2023-07-11T09:07:24.367Z", dateReserved: "2023-06-29T13:22:36.408Z", dateUpdated: "2024-11-08T17:05:21.064Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52566
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T19:50:45.809688Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T19:51:41.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:00.271Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52566", datePublished: "2024-11-18T15:39:25.382Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:00.271Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44084
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:11.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44084", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:17.107801Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:25.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:36.220Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44084", datePublished: "2023-10-10T10:21:36.220Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:25.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-25266
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:22
Severity ?
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality.
This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2302 |
Version: 0 < V2302.0021 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-25266", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:21:49.617519Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:22:07.380Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality.\r\nThis could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-552", description: "CWE-552: Files or Directories Accessible to External Parties", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:19.594Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-507653.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-25266", datePublished: "2025-03-11T09:48:19.594Z", dateReserved: "2025-02-06T12:40:49.316Z", dateUpdated: "2025-03-11T14:22:07.380Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45468
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45468", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:01:11.210658Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:01:55.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:38.837Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45468", datePublished: "2024-10-08T08:40:27.584Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:38.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23398
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 13:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23398", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:45:05.413293Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T13:45:43.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:12.525Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23398", datePublished: "2025-03-11T09:48:12.525Z", dateReserved: "2025-01-15T14:20:46.047Z", dateUpdated: "2025-03-11T13:45:43.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23396
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 13:49
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23396", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:49:04.408654Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T13:49:18.776Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:09.716Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23396", datePublished: "2025-03-11T09:48:09.716Z", dateReserved: "2025-01-15T14:20:46.046Z", dateUpdated: "2025-03-11T13:49:18.776Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-23397
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 13:48
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-23397", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:47:07.609257Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T13:48:23.588Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:11.135Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-23397", datePublished: "2025-03-11T09:48:11.135Z", dateReserved: "2025-01-15T14:20:46.046Z", dateUpdated: "2025-03-11T13:48:23.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-25267
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 14:20
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2302 |
Version: 0 < V2302.0021 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-25267", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:20:14.270383Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:20:34.812Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { cvssV4_0: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-552", description: "CWE-552: Files or Directories Accessible to External Parties", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:20.909Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-507653.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-25267", datePublished: "2025-03-11T09:48:20.909Z", dateReserved: "2025-02-06T12:40:49.316Z", dateUpdated: "2025-03-11T14:20:34.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23798
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-11-07 19:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < V2201.0012 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.490Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23798", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T16:35:26.619678Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T19:09:02.557Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "V2201.0012", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0006", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:13.285Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23798", datePublished: "2024-02-13T09:00:13.285Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-11-07T19:09:02.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37248
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 17:00
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:33.120Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37248", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T17:00:16.648033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T17:00:28.083Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:09.541Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37248", datePublished: "2023-07-11T09:07:25.432Z", dateReserved: "2023-06-29T13:25:52.761Z", dateUpdated: "2024-11-08T17:00:28.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37375
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-07 19:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37375", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T19:24:45.999048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T19:25:06.960Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:11.573Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37375", datePublished: "2023-07-11T09:07:27.503Z", dateReserved: "2023-07-03T13:24:27.346Z", dateUpdated: "2024-11-07T19:25:06.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53242
Vulnerability from cvelistv5
Published
2024-12-10 13:54
Modified
2024-12-10 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53242", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T15:17:17.154033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:17:29.175Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:13.403Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-53242", datePublished: "2024-12-10T13:54:13.403Z", dateReserved: "2024-11-19T17:51:57.294Z", dateUpdated: "2024-12-10T17:17:29.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45464
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45464", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:56:24.994180Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:57:16.357Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:33.725Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45464", datePublished: "2024-10-08T08:40:22.016Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:33.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27438
Vulnerability from cvelistv5
Published
2025-03-11 09:48
Modified
2025-03-11 13:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.3 |
Version: 0 < V14.3.0.13 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27438", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T13:26:38.797340Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T13:26:49.545Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0009", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2412", vendor: "Siemens", versions: [ { lessThan: "V2412.0002", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0021", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0010", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:48:31.489Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-050438.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2025-27438", datePublished: "2025-03-11T09:48:31.489Z", dateReserved: "2025-02-25T16:39:12.235Z", dateUpdated: "2025-03-11T13:26:49.545Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23799
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: 0 < * |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-23799", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T16:06:28.614005Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:20:54.041Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.426Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T09:00:14.553Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-23799", datePublished: "2024-02-13T09:00:14.553Z", dateReserved: "2024-01-22T10:34:49.956Z", dateUpdated: "2024-08-01T23:13:08.426Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41846
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-09-26 14:12
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:49.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41846", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:12:12.847807Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:12:24.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:36.000Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-41846", datePublished: "2023-09-12T09:32:36.000Z", dateReserved: "2023-09-04T08:59:29.324Z", dateUpdated: "2024-09-26T14:12:24.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }