CVE-2024-52573

Name of the Vulnerable Software and Affected Versions Tecnomatix Plant Simulation versions prior to V2302.0018 Tecnomatix Plant Simulation versions prior to V2404.0007 Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005

Description The issue is related to an out of bounds write vulnerability when parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. The vulnerability is associated with the recording of data beyond the buffer boundaries.

Recommendations For Tecnomatix Plant Simulation versions prior to V2302.0018, update to version V2302.0018 or later. For Tecnomatix Plant Simulation versions prior to V2404.0007, update to version V2404.0007 or later. For Teamcenter Visualization versions prior to V14.2.0.14, update to version V14.2.0.14 or later. For Teamcenter Visualization versions prior to V14.3.0.12, update to version V14.3.0.12 or later. For Teamcenter Visualization versions prior to V2312.0008, update to version V2312.0008 or later. For Teamcenter Visualization versions prior to V2406.0005, update to version V2406.0005 or later. As a temporary workaround, consider restricting the use of WRL files in the affected applications until a patch is available. Avoid using specially crafted WRL files in the affected API endpoints until the issue is resolved.