Rewterz Threat Advisory – ICS: Multiple Siemens Tecnomatix Plant Simulation Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-23798 CVSS: 7.8

Siemens Tecnomatix Plant Simulation is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted WRL file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.

CVE-2024-23795 CVSS: 7.8

Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted WRL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-23796 CVSS: 7.8

Siemens Tecnomatix Plant Simulation is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted WRL file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.

CVE-2024-23804 CVSS: 7.8

Siemens Tecnomatix Plant Simulation is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted PSOBJ file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.

CVE-2024-23797 CVSS: 7.8

Siemens Tecnomatix Plant Simulation is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted WRL file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.

CVE-2024-23799 CVSS: 3.3

Siemens Tecnomatix Plant Simulation is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted SPP file, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-23803 CVSS: 7.8

Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted SPP file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-23801 CVSS: 3.3

Siemens Tecnomatix Plant Simulation is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted SPP file, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-23800 CVSS: 3.3

Siemens Tecnomatix Plant Simulation is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted SPP file, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-23802 CVSS: 7.8

Siemens Tecnomatix Plant Simulation could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read. By persuading a victim to open a specially crafted SPP file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Denial of Service
• Buffer Overflow
• Code Execution

Indicators Of Compromise

CVE

• CVE-2024-23798
• CVE-2024-23795
• CVE-2024-23796
• CVE-2024-23804
• CVE-2024-23797
• CVE-2024-23799
• CVE-2024-23803
• CVE-2024-23801
• CVE-2024-23800
• CVE-2024-23802

Affected Vendors

Siemens

Affected Products

• Siemens Tecnomatic Plant Simulation 2201.0011
• Siemens Tecnomatix Plant Simulation 2302.0004
• Siemens Tecnomatic Plant Simulation 2302.0005

Remediation

Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.

Siemens Security Advisory