PatchSiren cyber security CVE debrief
CVE-2024-52566 Siemens CVE debrief
CVE-2024-52566 is a high-severity out-of-bounds write vulnerability in Siemens Teamcenter Visualization affecting versions V14.2, V14.3, V2312, and V2406. The flaw occurs when parsing specially crafted WRL (VRML) files and could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability was disclosed on December 10, 2024, and was reported through the Zero Day Initiative (ZDI-CAN-24233). The CVSS 3.1 base score of 7.8 reflects high confidentiality, integrity, and availability impact, with a local attack vector that requires user interaction. Siemens has released patched versions for all affected product lines, and CISA has published an advisory recommending defensive measures, including avoiding untrusted WRL files.
- Vendor: Siemens
- Product: Teamcenter Visualization V14.2
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-12-10
- Original CVE updated: 2025-05-06
- Advisory published: 2024-12-10
- Advisory updated: 2025-05-06
Who should care
Organizations using Siemens Teamcenter Visualization for product lifecycle management and digital mockup review, particularly in manufacturing, aerospace, automotive, and industrial sectors. Security teams responsible for OT/ICS environments, CAD/CAM workstation administrators, and engineers who exchange 3D visualization files externally should prioritize this patch.
Technical summary
The vulnerability exists in the WRL (VRML) file parsing component of Siemens Teamcenter Visualization. An out-of-bounds write condition can be triggered when processing a malformed WRL file, potentially corrupting memory and enabling arbitrary code execution within the context of the affected application. The attack requires local access and user interaction (opening a malicious file), but does not require privileges. The vulnerability affects four product versions: V14.2, V14.3, V2312, and V2406. Siemens has addressed this through memory handling corrections in patched releases.
Defensive priority
high
Recommended defensive actions
- Apply vendor patches: update Teamcenter Visualization V14.2 to V14.2.0.14 or later, V14.3 to V14.3.0.12 or later, V2312 to V2312.0008 or later, and V2406 to V2406.0005 or later
- Implement application whitelisting to restrict execution of unapproved software
- Train users to avoid opening WRL files from untrusted sources
- Deploy endpoint detection and response (EDR) solutions to monitor for anomalous process behavior
- Segment networks to isolate engineering workstations from untrusted networks
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
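To make the first action auditable across a fleet, the following added example (not part of the debrief or any Siemens tooling) compares installed Teamcenter Visualization versions against the fixed builds listed above. It handles the two version formats the advisory uses (four-part V14.x.y.z and two-part V2312.nnnn builds) by comparing numeric tuples rather than strings; the inventory dictionary and host names are constructed sample data.

```python
"""Triage Teamcenter Visualization installs against the CVE-2024-52566 fixes."""
import re
from typing import Dict, Optional, Tuple

# Minimum patched build per affected product line, as listed in the advisory.
FIXED_VERSIONS = {
    "V14.2": "V14.2.0.14",
    "V14.3": "V14.3.0.12",
    "V2312": "V2312.0008",
    "V2406": "V2406.0005",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'V14.2.0.14' or 'V2312.0008' into a tuple of ints (zero padding ignored)."""
    m = re.fullmatch(r"V?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def product_line(version: str) -> Optional[str]:
    """Map an installed version to the affected line it belongs to (tuple prefix match,
    so 'V14.23' is not mistaken for the V14.2 line)."""
    parts = parse_version(version)
    for line in FIXED_VERSIONS:
        line_parts = parse_version(line)
        if parts[: len(line_parts)] == line_parts:
            return line
    return None


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the build is below the fixed build for its line, False if at or above it,
    None if the version is outside the four affected lines (needs manual review)."""
    line = product_line(version)
    if line is None:
        return None
    return parse_version(version) < parse_version(FIXED_VERSIONS[line])


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify each host as 'patch', 'ok' or 'review'."""
    result = {}
    for host, version in inventory.items():
        vuln = is_vulnerable(version)
        result[host] = "review" if vuln is None else ("patch" if vuln else "ok")
    return result
```

Feed `triage()` the version strings collected by your software inventory tool; hosts marked "review" are on a line the advisory does not cover and should be checked against the vendor's current product tree rather than assumed safe.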
Evidence notes
Vulnerability disclosed via CISA ICS advisory ICSA-24-347-09 on December 10, 2024. Affected products confirmed through Siemens CSAF product tree. CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H sourced from CISA advisory. ZDI reference ZDI-CAN-24233 noted in advisory description. Remediation versions confirmed: V14.2.0.14+, V14.3.0.12+, V2312.0008+, V2406.0005+. Advisory revised May 6, 2025 for typo corrections only.
Official resources
- CVE-2024-52566 CVE record (CVE.org)
- CVE-2024-52566 NVD detail (NVD)