CVE-2024-45463: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-45463) has been identified in multiple versions of Siemens software products, including Teamcenter Visualization (V14.2, V14.3, V2312) and Tecnomatix Plant Simulation (V2302, V2404). The vulnerability was discovered and disclosed in October 2024, with updates released through December 2024. The issue involves an out-of-bounds read vulnerability that occurs while parsing specially crafted WRL files (Siemens Advisory, NVD).

The vulnerability is classified as an out-of-bounds read past the end of an allocated structure (CWE-125) that occurs during the parsing of specially crafted WRL files. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 Base Score of 7.3 (HIGH) with vector CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (Siemens Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current process, potentially leading to full system compromise. The vulnerability affects multiple versions of Siemens industrial software products, which are commonly used in manufacturing and industrial environments (Siemens Advisory).

Siemens has released security updates for affected products and recommends updating to the following versions: Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, V2312 to V2312.0008 or later, and Tecnomatix Plant Simulation V2302 to V2302.0016 or later, V2404 to V2404.0005 or later. As a workaround, users are advised not to open untrusted WRL files in affected applications (Siemens Advisory).