CVE-2024-45466: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

CVE-2024-45466 is an out-of-bounds read vulnerability affecting multiple versions of Siemens software products, including Teamcenter Visualization (V14.2, V14.3, V2312) and Tecnomatix Plant Simulation (V2302, V2404). The vulnerability was discovered and disclosed in October 2024, with updates released in December 2024. The vulnerability exists in the WRL file parsing functionality of these applications (Siemens Advisory, CISA Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs when parsing specially crafted WRL files. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 score of 7.3 with vector string CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (Siemens Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process, potentially leading to arbitrary code execution. The vulnerability affects confidentiality, integrity, and availability of the affected systems (CISA Advisory).

Siemens has released updates to address the vulnerability and recommends updating to the following versions: Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, V2312 to V2312.0008 or later, and Tecnomatix Plant Simulation V2302 to V2302.0016 or later, V2404 to V2404.0005 or later. As a workaround, users are advised not to open untrusted WRL files in affected applications (Siemens Advisory).