PT-2025-10735 · Siemens · Tecnomatix Plant Simulation
Published
2025-03-11
·
Updated
2025-03-11
·
CVE-2025-25266
CVSS v3.1
6.8
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Tecnomatix Plant Simulation V2302 versions prior to V2302.0021
Tecnomatix Plant Simulation V2404 versions prior to V2404.0010
Description
The affected application does not properly restrict access to the file deletion functionality, which could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.
Recommendations
For Tecnomatix Plant Simulation V2302 versions prior to V2302.0021, update to version V2302.0021 or later to resolve the issue.
For Tecnomatix Plant Simulation V2404 versions prior to V2404.0010, update to version V2404.0010 or later to resolve the issue.
As a temporary workaround, consider restricting access to the file deletion functionality to minimize the risk of exploitation.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tecnomatix Plant Simulation