CVE-2024-52572: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2024-52572) has been identified in multiple versions of Siemens software products, including Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404). The vulnerability was discovered and reported by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on November 18, 2024 (ZDI Advisory, Siemens Advisory).

The vulnerability exists in the parsing of WRL files, where the application fails to properly validate the length of user-supplied data before copying it to a fixed-length stack-based buffer. This vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 base score of 7.3 with vector string CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (Siemens Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process, potentially leading to complete system compromise. The attack requires user interaction, as the target must open a malicious WRL file (ZDI Advisory).

Siemens has released security updates to address this vulnerability and recommends users update to the following versions: Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, V2312 to V2312.0008 or later, and V2406 to V2406.0005 or later. For Tecnomatix Plant Simulation, update to V2302.0018 or V2404.0007 or later. As a workaround, users are advised not to open untrusted WRL files in affected applications (Siemens Advisory).