CVE-2024-23797: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

A stack overflow vulnerability has been identified in Siemens Tecnomatix Plant Simulation V2201 (All versions < V2201.0012) and V2302 (All versions < V2302.0006) while parsing specially crafted WRL files. The vulnerability was discovered and disclosed in February 2024 (CISA, Siemens Advisory).

The vulnerability (CVE-2024-23797) stems from a lack of proper validation of user-supplied data length before copying it to a stack-based buffer. It has been assigned a CVSS v3.1 base score of 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and a CVSS v4.0 base score of 7.3 (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). The vulnerability is classified under CWE-121: Stack-based Buffer Overflow (ZDI, CISA).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. The attack requires user interaction, specifically opening a malicious file (ZDI, Siemens Advisory).

Siemens has released updates to address this vulnerability and recommends updating to V2201.0012 or later version for V2201 users, and V2302.0006 or later version for V2302 users. Additionally, users are advised not to open untrusted WRL files using Tecnomatix Plant Simulation. As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms and configuring the environment according to Siemens' operational guidelines for Industrial Security (Siemens Advisory).