CVE-2024-45468: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2024-45468) has been identified in multiple versions of Siemens software products, including Teamcenter Visualization (V14.2, V14.3, V2312) and Tecnomatix Plant Simulation (V2302, V2404). The vulnerability was discovered and disclosed in October 2024, with updates released in December 2024. The vulnerability affects the application's handling of specially crafted WRL files (Siemens Advisory, NVD).

The vulnerability is classified as a memory corruption issue that occurs while parsing specially crafted WRL files. It has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 Base Score of 7.3 with vector CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The vulnerability is categorized under CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Siemens Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current process. The vulnerability affects the confidentiality, integrity, and availability of the system, as indicated by the high impact scores across all three categories in the CVSS rating (Siemens Advisory).

Siemens has released security updates for all affected products and recommends updating to the following versions: Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, V2312 to V2312.0008 or later, and Tecnomatix Plant Simulation V2302 to V2302.0016 or later, V2404 to V2404.0005 or later. As a workaround, users are advised not to open untrusted WRL files in affected applications (Siemens Advisory, Siemens Advisory).