CVE-2023-24978
First published: Tue Feb 14 2023(Updated: )
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788)
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Tecnomatix Plant Simulation | <2201.0006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-24978?
CVE-2023-24978 is considered a medium severity vulnerability due to the potential for code execution.
How do I fix CVE-2023-24978?
To fix CVE-2023-24978, upgrade to Siemens Tecnomatix Plant Simulation version 2201.0006 or later.
What versions of Tecnomatix Plant Simulation are affected by CVE-2023-24978?
CVE-2023-24978 affects all versions of Tecnomatix Plant Simulation prior to version 2201.0006.
What type of attack can exploit CVE-2023-24978?
An attacker can exploit CVE-2023-24978 by crafting a specially designed SPP file that leads to uninitialized pointer access.
Is user intervention required for the exploitation of CVE-2023-24978?
Yes, user intervention is required as the exploit occurs when the specially crafted SPP file is processed by the application.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/siemens
- canonical/siemens tecnomatix plant simulation