CVE-2025-23402: 
Siemens Tecnomatix Plant Simulation vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-23402) has been identified in multiple versions of Siemens Teamcenter Visualization and Tecnomatix Plant Simulation software. The vulnerability was discovered by Jin Huang from ADLab of Venustech and disclosed on March 11, 2025. The affected software versions include Teamcenter Visualization V14.3 (versions prior to V14.3.0.13), V2312 (prior to V2312.0009), V2406 (prior to V2406.0007), V2412 (prior to V2412.0002), and Tecnomatix Plant Simulation V2302 (prior to V2302.0021) and V2404 (prior to V2404.0010) (Siemens Advisory).

The vulnerability is triggered while parsing specially crafted WRL files, resulting in a use-after-free condition that could be exploited. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 Base Score of 7.3 with the vector string CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The vulnerability is classified under CWE-416: Use After Free (CISA Advisory, Siemens Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability requires user interaction, specifically opening a maliciously crafted WRL file, to be exploited (Siemens Advisory).

Siemens has released updates for all affected products and recommends users update to the latest versions: Teamcenter Visualization V14.3 to V14.3.0.13 or later, V2312 to V2312.0009 or later, V2406 to V2406.0007 or later, V2412 to V2412.0002 or later, and Tecnomatix Plant Simulation V2302 to V2302.0021 or later, V2404 to V2404.0010 or later. As a workaround, users are advised not to open untrusted WRL files in affected applications (Siemens Advisory).