Severity
Medium
Analysis Summary
CVE-2024-23798 CVSS: 7.8
Siemens Tecnomatix Plant Simulation is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted WRL file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
CVE-2024-23795 CVSS: 7.8
Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted WRL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-23796 CVSS: 7.8
Siemens Tecnomatix Plant Simulation is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted WRL file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
CVE-2024-23804 CVSS: 7.8
Siemens Tecnomatix Plant Simulation is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted PSOBJ file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
CVE-2024-23797 CVSS: 7.8
Siemens Tecnomatix Plant Simulation is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted WRL file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
CVE-2024-23799 CVSS: 3.3
Siemens Tecnomatix Plant Simulation is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted SPP file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-23803 CVSS: 7.8
Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted SPP file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-23801 CVSS: 3.3
Siemens Tecnomatix Plant Simulation is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted SPP file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-23800 CVSS: 3.3
Siemens Tecnomatix Plant Simulation is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted SPP file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-23802 CVSS: 7.8
Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read. By persuading a victim to open a specially crafted SPP file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Buffer Overflow
- Code Execution
Indicators Of Compromise
CVE
- CVE-2024-23798
- CVE-2024-23795
- CVE-2024-23796
- CVE-2024-23804
- CVE-2024-23797
- CVE-2024-23799
- CVE-2024-23803
- CVE-2024-23801
- CVE-2024-23800
- CVE-2024-23802
Affected Vendors
Siemens
Affected Products
- Siemens Tecnomatic Plant Simulation 2201.0011
- Siemens Tecnomatix Plant Simulation 2302.0004
- Siemens Tecnomatic Plant Simulation 2302.0005
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.