Full Report
Tecnomatix Plant Simulation contains an out-of-bounds write vulnerability that could be triggered when the application reads MODEL files. If a user is tricked into opening a malicious file with the affected application, this could lead to a crash and potentially to arbitrary code execution on the target host system. Siemens has released a new version of Tecnomatix Plant Simulation V2302 and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Out of Bounds Write in Tecnomatix Plant Simulation MODEL File Parsing
## CVE Details
- CVE ID: CVE-2024-32639
- CVSS Score: 7.8 (CVSS v3.1) / 7.3 (CVSS v4.0) (High)
- CWE: CWE-787: Out-of-bounds Write
## Affected Systems
- Products: Tecnomatix Plant Simulation
- Versions: All versions of V2302 prior to V2302.0011
- Configurations: Triggered when the application parses a specially crafted MODEL file.
## Vulnerability Description
The vulnerability is an **Out-of-bounds Write** flaw residing in the file parsing logic for `.MODEL` files within Tecnomatix Plant Simulation. An attacker can trigger this vulnerability by persuading a user to open a malicious MODEL file. Successful exploitation could lead to arbitrary code execution within the context of the current process, or at minimum, cause an application crash.
## Exploitation
- Status: PoC available (Implied by ZDI disclosure, though not explicitly stated as public)
- Complexity: Low (CVSS AV:L/AC:L suggests local context, but UI:R indicates user interaction is required)
- Attack Vector: Local (Requires user interaction to open the file)
*(Note: CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating Local attack vector, Low complexity, No privileges required, User Interaction required.)*
## Impact
- Confidentiality: High (Potential RCE can read and exfiltrate data)
- Integrity: High (Potential RCE can modify system state/files)
- Availability: High (Guaranteed crash if exploitation fails or is incomplete)
## Remediation
### Patches
- Update Tecnomatix Plant Simulation to **V2302.0011 or later**. Access updates via Siemens Support: `https://support.sw.siemens.com/`
### Workarounds
- **Do not open untrusted MODEL files from unknown sources.**
## Detection
- **Indicators of compromise:** Application crashes during MODEL file opening, or unexpected process behavior originating from the Plant Simulation application.
- **Detection methods and tools:** Monitor file access events for suspicious `.MODEL` files being opened by the Plant Simulation application, especially from untrusted sources or temporary locations.
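
One way to implement the monitoring described above, as an added example that is not Siemens or advisory code: it scans process-creation events for launches of the application that pass a `.MODEL` file from a network share or a temporary or download directory. The executable name `plantsim-placeholder.exe`, the event fields and the list of untrusted path markers are assumptions to replace with your own, and the sample events are constructed.

```python
import re
from pathlib import PureWindowsPath

# Placeholder: set to the Plant Simulation executable name in your install.
PLANTSIM_IMAGE = "plantsim-placeholder.exe"
# Assumed markers for "untrusted or temporary" locations; tune per site.
UNTRUSTED_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\inetcache\\")
# Quoted or bare command-line arguments that end in .MODEL (any case).
MODEL_ARG = re.compile(r'"([^"]+\.model)"|(\S+\.model)(?=\s|$)', re.IGNORECASE)


def location_reason(path):
    """Return why a path looks untrusted, or None when it does not."""
    lowered = path.lower()
    if lowered.startswith("\\\\"):
        return "network share (UNC path)"
    for marker in UNTRUSTED_MARKERS:
        if marker in lowered:
            return "user-writable location: " + marker.strip("\\")
    return None


def flag_model_opens(events, image_name=PLANTSIM_IMAGE):
    """List launches of the application that open a .MODEL file from an untrusted path."""
    findings = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() != image_name.lower():
            continue  # a different process; out of scope for this check
        for quoted, bare in MODEL_ARG.findall(ev["command_line"]):
            path = quoted or bare
            reason = location_reason(path)
            if reason:
                findings.append({"host": ev["host"], "path": path, "reason": reason})
    return findings


# Constructed sample events (not real telemetry): host, process image, command line.
APP = r"C:\Program Files\Vendor\plantsim-placeholder.exe"
SAMPLE_EVENTS = [
    {"host": "ENG-WS-01", "image": APP, "command_line": rf'"{APP}" "C:\Users\jdoe\Downloads\line 3.MODEL"'},
    {"host": "ENG-WS-02", "image": APP, "command_line": rf'"{APP}" "D:\Projects\plant\cell.model"'},
    {"host": "ENG-WS-03", "image": APP, "command_line": rf'"{APP}" \\fileserver\inbox\cell7.model'},
    {"host": "ENG-WS-01", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\jdoe\Downloads\notes.MODEL"},
    {"host": "ENG-WS-04", "image": APP, "command_line": rf'"{APP}" "C:\Users\kim\AppData\Local\Temp\7zO1A\layout.MODEL"'},
]

if __name__ == "__main__":
    for finding in flag_model_opens(SAMPLE_EVENTS):
        print(finding)
```

A hit here is a triage lead, not proof of exploitation; correlate it with application crash reports for the same host and time window.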
## References
- Vendor Advisories: SSA-923361
- Relevant links: `https://cert-portal.siemens.com/productcert/html/ssa-923361.html`