CVE-2024-45471

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Tecnomatix Plant Simulation versions prior to V2302.0016 Tecnomatix Plant Simulation versions prior to V2404.0005

Description: The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. The vulnerability is related to the processing of WRL files and can be exploited to execute arbitrary code.

Recommendations: For Teamcenter Visualization versions prior to V14.2.0.14, update to version V14.2.0.14 or later. For Teamcenter Visualization versions prior to V14.3.0.12, update to version V14.3.0.12 or later. For Teamcenter Visualization versions prior to V2312.0008, update to version V2312.0008 or later. For Tecnomatix Plant Simulation versions prior to V2302.0016, update to version V2302.0016 or later. For Tecnomatix Plant Simulation versions prior to V2404.0005, update to version V2404.0005 or later. As a temporary workaround, consider restricting the processing of WRL files until a patch is available. Avoid using the vulnerable WRL file parsing functionality in the affected applications until the issue is resolved.