PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-45472 Siemens CVE debrief

A memory corruption vulnerability in Siemens Teamcenter Visualization allows code execution when parsing malicious WRL files. The flaw, published 2024-12-10 and last modified 2025-05-06, carries a CVSS 3.1 score of 7.8 (HIGH). Affected versions include V14.2, V14.3, and V2312. Siemens has released patched versions, and CISA recommends updating immediately while avoiding untrusted WRL files.

Vendor: Siemens
Product: Tecnomatix Plant Simulation V2302
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-10-08
Original CVE updated: 2025-05-06
Advisory published: 2024-10-08
Advisory updated: 2025-05-06

Who should care

Organizations using Siemens Teamcenter Visualization for product lifecycle management and visualization, particularly in industrial and manufacturing environments where WRL/VRML files are exchanged. Security teams responsible for ICS/OT asset protection and patch management should prioritize this update due to the HIGH severity and potential for code execution.

Technical summary

CVE-2024-45472 is a memory corruption vulnerability in Siemens Teamcenter Visualization affecting versions V14.2, V14.3, and V2312. The flaw occurs during parsing of specially crafted WRL (VRML) files and can lead to arbitrary code execution in the context of the current process. The vulnerability requires local access and user interaction (opening a malicious file), with low attack complexity. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Siemens released security updates in December 2024; CISA published advisory ICSA-24-347-09 on 2024-12-10 with a revision on 2025-05-06 correcting typos.

Defensive priority

high

Recommended defensive actions

  • Update Teamcenter Visualization V14.2 to version 14.2.0.14 or later
  • Update Teamcenter Visualization V14.3 to version 14.3.0.12 or later
  • Update Teamcenter Visualization V2312 to version V2312.0008 or later
  • Do not open untrusted WRL files in affected applications
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
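
To apply the version thresholds above across many workstations, the following added example (not from Siemens or CISA) classifies installed Teamcenter Visualization versions from an asset inventory. It assumes the inventory reports versions in the same string formats as the fix versions listed above; the host names and sample records are constructed.

```python
import re

# Fixed versions per branch, copied from the remediation list above.
FIXED = {"V14.2": "14.2.0.14", "V14.3": "14.3.0.12", "V2312": "V2312.0008"}

def _key(version):
    """Turn '14.2.0.14' or 'V2312.0008' into a tuple of ints for comparison."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def assess(version):
    """Classify one reported version string against the fixed versions."""
    k = _key(version)
    if not k:
        return "unparseable"          # e.g. empty field or 'n/a' in the export
    for branch, fixed in FIXED.items():
        prefix = _key(branch)         # (14, 2), (14, 3) or (2312,)
        if k[:len(prefix)] == prefix:
            # Tuple comparison: a shorter string such as '14.3' sorts below
            # '14.3.0.12', so an imprecise record is flagged, not passed.
            return "patched" if k >= _key(fixed) else "vulnerable"
    return "not-listed"               # branch not covered by this page

def needs_action(inventory):
    """Return (host, version, status) for every install that is not patched."""
    rows = [(h, v, assess(v)) for h, v in inventory]
    return [r for r in rows if r[2] != "patched"]

# Constructed sample inventory; host names and versions are hypothetical.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "14.2.0.13"),
    ("eng-ws-02", "14.2.0.14"),
    ("eng-ws-03", "14.3.1.0"),
    ("cad-ws-07", "V2312.0007"),
    ("cad-ws-08", "V2312.0008"),
    ("cad-ws-09", "14.3"),
    ("lab-ws-02", "n/a"),
]

if __name__ == "__main__":
    for host, version, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {version} -> {status}")
```

Records returned as "not-listed" or "unparseable" need manual review against the vendor advisory; the script makes no claim about branches this page does not mention.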

Evidence notes

CVE published 2024-12-10; modified 2025-05-06. Source: CISA CSAF advisory ICSA-24-347-09. Vendor fix versions confirmed in CSAF remediations section.

Official resources

2024-12-10