CVE-2024-45470 Siemens CVE debrief

Who should care

Organizations using Siemens Teamcenter Visualization for product lifecycle management and digital mockup review, particularly in manufacturing, aerospace, automotive, and industrial sectors. Security teams responsible for OT/ICS environments, CAD/CAM workstation administrators, and users who exchange 3D visualization files with external partners should prioritize patching.

Technical summary

The vulnerability stems from improper bounds checking during WRL file parsing in Teamcenter Visualization. A malformed VRML file can trigger an out-of-bounds write condition, corrupting memory and potentially enabling arbitrary code execution. The attack requires the attacker to deliver a malicious WRL file and convince a user to open it in the affected application. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, though the attack complexity is low and privileges are not required. The vulnerability is not remotely exploitable without user interaction.

Defensive priority

HIGH

Recommended defensive actions

• Apply vendor patches: update Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, and V2312 to V2312.0008 or later
• Implement application whitelisting to prevent execution of unapproved visualization software
• Train users to avoid opening WRL files from untrusted sources
• Consider network segmentation for systems running Teamcenter Visualization to limit lateral movement potential
• Monitor for anomalous process behavior or unexpected crashes in visualization applications

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-24-347-09 with CSAF-formatted data. Siemens published corresponding security advisory SSA-645131. CVSS 3.1 vector confirms local attack vector with user interaction required.

Official resources