PatchSiren cyber security CVE debrief
CVE-2024-45464 Siemens CVE debrief
CVE-2024-45464 is a high-severity out-of-bounds read vulnerability in Siemens Teamcenter Visualization affecting versions V14.2, V14.3, and V2312. The flaw occurs when parsing specially crafted WRL (VRML) files, allowing an attacker to execute arbitrary code in the context of the current process. Published by CISA on December 10, 2024, this vulnerability requires local access and user interaction, with an attacker needing to convince a victim to open a malicious file. Siemens has released patched versions for all affected product lines.
- Vendor: Siemens
- Product: Tecnomatix Plant Simulation V2302
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-08
- Original CVE updated: 2025-05-06
- Advisory published: 2024-10-08
- Advisory updated: 2025-05-06
Who should care
Organizations using Siemens Teamcenter Visualization for CAD data visualization and collaboration, particularly in manufacturing, aerospace, automotive, and industrial design sectors. Security teams in OT/ICS environments should prioritize patching due to potential lateral movement risks if visualization workstations have access to critical systems.
Technical summary
The vulnerability stems from improper bounds checking during WRL (VRML) file parsing in Teamcenter Visualization. When a malformed WRL file is processed, the application reads beyond allocated memory structures, potentially corrupting memory and enabling arbitrary code execution within the process context. The attack requires local access and social engineering to deliver and open the malicious file. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability despite the local attack vector and required user interaction.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor patches: Update Teamcenter Visualization V14.2 to version 14.2.0.14 or later, V14.3 to version 14.3.0.12 or later, and V2312 to version V2312.0008 or later
- Implement user awareness training to prevent opening untrusted WRL files from unknown sources
- Consider application whitelisting and file type restrictions to block unauthorized WRL file execution
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious process behavior following file parsing operations
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
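As an added example (not from the PatchSiren debrief or from Siemens), the following Python checks version strings reported by an asset inventory against the fixed Teamcenter Visualization versions listed in the actions above; the version-string format and the sample hostnames are assumptions.

```python
# Added example: decide whether an installed Teamcenter Visualization build is at or
# past the fixed version for CVE-2024-45464. Fixed versions come from the debrief;
# the version-string format ("14.2.0.14", "V2312.0008") is an assumption about how
# an inventory tool reports them.
import re
from typing import Optional

# Per-release-line minimum fixed versions stated in the recommended actions.
FIXED_VERSIONS = {
    "14.2": "14.2.0.14",
    "14.3": "14.3.0.12",
    "2312": "2312.0008",
}

def parse_version(version: str) -> tuple:
    """Turn '14.2.0.14' or 'V2312.0008' into a tuple of ints for comparison.
    A leading 'V' (as Siemens writes it) is dropped; zero-padding is ignored."""
    cleaned = version.strip().lstrip("Vv")
    if not re.fullmatch(r"\d+(\.\d+)*", cleaned):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in cleaned.split("."))

def release_line(parsed: tuple) -> str:
    """Map a parsed version to its release-line key ('14.2', '14.3', '2312')."""
    if parsed[0] >= 2000 or len(parsed) < 2:   # date-style line such as V2312
        return str(parsed[0])
    return f"{parsed[0]}.{parsed[1]}"

def is_patched(version: str) -> Optional[bool]:
    """True if the build is at/after the fix for its line, False if it is still
    below the fix, None if the line is not one the advisory covers."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(release_line(parsed))
    if fixed is None:
        return None
    return parsed >= parse_version(fixed)

def triage(inventory: dict) -> list:
    """Return hostnames that still need the patch, from {host: version}."""
    return sorted(host for host, ver in inventory.items() if is_patched(ver) is False)

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"cad-ws-01": "14.2.0.13", "cad-ws-02": "V14.3.0.12",
              "cad-ws-03": "V2312.0007", "cad-ws-04": "15.0.0.1"}
    print(triage(sample))   # ['cad-ws-01', 'cad-ws-03']
```

Hosts on a release line the advisory does not name (`None`) should be reviewed separately rather than treated as patched.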
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-347-09. CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates local attack vector requiring user interaction. Vendor fix versions specified in CSAF remediations section.
Official resources
- CVE-2024-45464 CVE record (CVE.org)
- CVE-2024-45464 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-12-10