CVE-2025-23397
Published: 11 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-23397 is a memory corruption vulnerability (CWE-119) affecting Siemens Teamcenter Visualization versions V14.3 (all versions prior to V14.3.0.13), V2312 (prior to V2312.0009), V2406 (prior to V2406.0007), and V2412 (prior to V2412.0002), as well as Tecnomatix Plant Simulation versions V2302 (prior to V2302.0021) and V2404 (prior to V2404.0010). The issue arises during the parsing of specially crafted WRL files, which can trigger the corruption.
With a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), the vulnerability can be exploited by a local attacker requiring no privileges but relying on user interaction. An attacker could craft a malicious WRL file and convince a user to open it within an affected application, potentially achieving arbitrary code execution in the context of the current process.
The Siemens product CERT advisory (SSA-050438) details mitigation through updating to the specified patched versions or later. Further information, including full patch details, is available at https://cert-portal.siemens.com/productcert/html/ssa-050438.html.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Memory corruption in WRL file parser enables arbitrary code execution upon opening a crafted file (T1203 Exploitation for Client Execution); requires user to open malicious file (T1204.002 Malicious File).