PatchSiren


CVE-2024-45476 Siemens CVE debrief

A null pointer dereference vulnerability exists in Siemens Teamcenter Visualization when parsing specially crafted WRL (VRML) files. An attacker can trigger an application crash by convincing a user to open a malicious WRL file, resulting in a denial-of-service condition. The vulnerability requires local access and user interaction, with a CVSS 3.1 score of 3.3 (Low severity). Siemens has released patched versions for affected product lines.

Vendor: Siemens
Product: Tecnomatix Plant Simulation V2302
CVSS: LOW 3.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-10-08
Original CVE updated: 2025-05-06
Advisory published: 2024-10-08
Advisory updated: 2025-05-06

Who should care

Organizations using Siemens Teamcenter Visualization for CAD data visualization and collaboration, particularly in industrial and manufacturing environments where WRL files may be exchanged between teams or external partners. Security teams responsible for OT/ICS environments should prioritize patching during regular maintenance windows given the low severity but clear availability impact.

Technical summary

The vulnerability is a null pointer dereference occurring during parsing of WRL (VRML) files in Teamcenter Visualization. The flaw is triggered when the application processes a specially crafted WRL file, causing an unhandled null pointer dereference that results in application termination. This is a local attack vector requiring user interaction to open the malicious file. The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L indicates local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and low availability impact. No confidentiality or integrity impacts are associated with this vulnerability.

Defensive priority

Low

Recommended defensive actions

  • Apply vendor patches: Update Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, or V2312 to V2312.0008 or later
  • Implement user awareness training to avoid opening untrusted WRL files from unknown sources
  • Consider application whitelisting and endpoint protection to restrict execution of untrusted files
  • Follow CISA ICS recommended practices for defense-in-depth strategies
  • Monitor for anomalous application crashes in Teamcenter Visualization as potential indicators of exploitation attempts

Evidence notes

CISA published advisory ICSA-24-347-09 on 2024-12-10, with a revision on 2025-05-06 to fix typos. The vulnerability was disclosed through coordinated disclosure between Siemens and CISA.
