Severity
High
Analysis Summary
CVE-2024-52566 CVSS:7.8
Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when parsing a specially crafted WRL file. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-47942 CVSS:7.3
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.
Impact
- Gain Access
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-52566
- CVE-2024-47942
Affected Vendors
Siemens
Affected Products
- Siemens Tecnomatix Plant Simulation V2302
- Siemens Tecnomatix Plant Simulation V2404
- Siemens Solid Edge Se2024 224.0 Update 9
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.