PT-2021-17436 · Siemens · Tecnomatix Plant Simulation

Francis Provencher

Published

2021-03-10

Updated

2022-04-25

CVE-2021-27397

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tecnomatix Plant Simulation versions prior to 16.0.5

Description A memory corruption condition can occur due to the lack of proper validation of user-supplied data when parsing SPP files in the PlantSimCore.dll library. This could allow an attacker to execute code in the context of the current process.

Recommendations For versions prior to 16.0.5, update to version 16.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to SPP files to minimize the risk of exploitation.

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

BDU:2025-07815

CVE-2021-27397

ZDI-21-569

Affected Products

Tecnomatix Plant Simulation

PT-2021-17436 · Siemens · Tecnomatix Plant Simulation

CVE-2021-27397

Weakness Enumeration

Related Identifiers

Affected Products

References · 5