Full Report
Tecnomatix Plant Simulation contains a type confusion vulnerability that can be triggered when the application reads MODEL files. If a user is tricked into opening a malicious file with the affected application, this could lead to a crash and potentially to arbitrary code execution on the target host system. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Type Confusion in Tecnomatix Plant Simulation MODEL File Parsing
## CVE Details
- CVE ID: CVE-2024-35303
- CVSS Score: 7.8 (High) [CVSS v3.1] / 7.3 (High) [CVSS v4.0]
- CWE: CWE-704: Incorrect Type Conversion or Cast
## Affected Systems
- Products: Tecnomatix Plant Simulation
- Versions:
  - V2302: All versions prior to V2302.0012
  - V2404: All versions prior to V2404.0001
- Configurations: Triggered when reading crafted MODEL files.
## Vulnerability Description
Tecnomatix Plant Simulation contains a type confusion vulnerability during the parsing of specially crafted MODEL files. Successful exploitation can allow an attacker to execute arbitrary code within the context of the current process by tricking a user into opening a malicious file.
## Exploitation
- Status: PoC available (inferred from the ZDI coordination and the risk assessment; the advisory does not state that exploitation has been observed in the wild)
- Complexity: Low (CVSS v3.1 rates AC:L; the v4.0 vector rates AC:H, indicating that exploit execution may depend on environment-specific prerequisites)
- Attack Vector: Local, user interaction required (v3.1 AV:L with UI:R: the crafted file must be opened on the host by the user). Impact requires the user to open the malicious file.
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- Tecnomatix Plant Simulation V2302: Update to **V2302.0012** or later version.
- Tecnomatix Plant Simulation V2404: Update to **V2404.0001** or later version.
(Links for updates provided via Siemens support portal.)
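A small inventory check for the version thresholds above, added here as an example (not Siemens' or ZDI's code): it parses Tecnomatix version strings of the form `V2302.0011`, flags builds below the fixed build of their branch, and reports branches this advisory does not cover as needing manual review. Hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Optional, Tuple

# Fixed builds taken from the advisory: the first build of each branch that
# carries the fix. Any earlier build in the same branch is affected.
FIXED_BUILDS = {
    2302: 12,  # V2302.0012
    2404: 1,   # V2404.0001
}

# Accepts "V2302.0011" or "2302.0011" (case-insensitive leading V).
_VERSION_RE = re.compile(r"^V?(\d{4})\.(\d{1,4})$", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, int]:
    """Split 'V2302.0011' into (branch=2302, build=11); reject other shapes."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tecnomatix version string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(version: str) -> Optional[bool]:
    """True if the build predates the fix in its branch, False if it carries
    the fix, None when the branch is not listed in this advisory (verify manually)."""
    branch, build = parse_version(version)
    fixed_build = FIXED_BUILDS.get(branch)
    if fixed_build is None:
        return None
    return build < fixed_build


def triage(inventory: dict) -> dict:
    """Map host -> 'affected' | 'fixed' | 'unknown-branch' for a {host: version} dict."""
    labels = {True: "affected", False: "fixed", None: "unknown-branch"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"eng-ws-01": "V2302.0011", "eng-ws-02": "V2302.0012",
              "eng-ws-03": "V2404.0000", "eng-ws-04": "2404.0001",
              "eng-ws-05": "V2201.0005"}  # branch not covered by this advisory
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```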
### Workarounds
- Do not open untrusted MODEL files from unknown sources.
- Apply general security recommendations provided by Siemens, including protecting network access to devices per operational guidelines.
## Detection
- Indicators of Compromise: System crashes following the opening of untrusted files, or potentially unauthorized process execution originating from the Plant Simulation application context.
- Detection methods and tools: Monitor for unusual file access/loading behaviors involving MODEL files from untrusted origins. Implement strict file source verification.
## References
- Vendor Advisory: SSA-900277 (Siemens)
- Siemens Support Portal for Updates: hXXps://support.sw.siemens.com/en-US/product/297028302/
- Siemens Industrial Security Information: hXXps://www.siemens.com/industrialsecurity
- Siemens Operational Guidelines: hXXps://www.siemens.com/cert/operational-guidelines-industrial-security