PT-2024-2702 · Siemens · Tecnomatix Plant Simulation
Published
2024-01-03
·
Updated
2024-02-15
·
CVE-2024-23797
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tecnomatix Plant Simulation versions prior to V2201.0012
Tecnomatix Plant Simulation versions prior to V2302.0006
Description
A stack overflow vulnerability has been identified in the affected applications while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. The vulnerability is related to a buffer overflow in the stack.
Recommendations
For versions prior to V2201.0012, update to version V2201.0012 or later.
For versions prior to V2302.0006, update to version V2302.0006 or later.
As a temporary workaround, consider restricting the use of WRL files in the affected applications until a patch is available. Avoid using specially crafted WRL files that could trigger the stack overflow vulnerability.
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tecnomatix Plant Simulation