PatchSiren

CVE-2024-52567 Siemens CVE debrief

CVE-2024-52567 is a high-severity out-of-bounds read vulnerability in Siemens Teamcenter Visualization affecting versions V14.2, V14.3, V2312, and V2406. The flaw occurs when parsing specially crafted WRL (VRML) files, allowing an attacker to execute arbitrary code in the context of the current process. Published on December 10, 2024, this vulnerability was reported through the Zero Day Initiative (ZDI-CAN-24237). The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector requiring user interaction. Siemens has released security updates for all affected versions, and CISA recommends applying these patches promptly while avoiding untrusted WRL files as an interim mitigation.

Vendor: Siemens
Product: Teamcenter Visualization V14.2
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-10
Original CVE updated: 2025-05-06
Advisory published: 2024-12-10
Advisory updated: 2025-05-06

Who should care

Organizations using Siemens Teamcenter Visualization for CAD data visualization and collaboration, particularly in industrial and manufacturing environments. Security teams responsible for ICS/OT asset protection should prioritize patching due to the high CVSS score and potential for code execution.

Technical summary

An out-of-bounds read vulnerability exists in Siemens Teamcenter Visualization when parsing specially crafted WRL (VRML) files. The vulnerability stems from reading past the end of an allocated structure during file parsing. Successful exploitation allows arbitrary code execution in the context of the current process. The attack requires local access and user interaction (opening a malicious WRL file). The vulnerability affects four product versions: V14.2, V14.3, V2312, and V2406. Siemens has released patched versions for all affected products.

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor security updates: Update Teamcenter Visualization V14.2 to V14.2.0.14 or later; V14.3 to V14.3.0.12 or later; V2312 to V2312.0008 or later; and V2406 to V2406.0005 or later.
  • As an interim mitigation, do not open untrusted WRL files in affected applications.
  • Implement defense-in-depth strategies for industrial control system environments per CISA guidance.
  • Monitor for suspicious WRL file handling activity in affected environments.
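
To act on the update guidance above across many workstations, an installed-version inventory can be checked against the fixed builds. The following is an added example, not code from this debrief or from Siemens; it assumes inventory version strings follow the notation used on this page (for example V14.2.0.14 or V2312.0008), and the host names are constructed.

```python
import re

# Minimum fixed builds, taken from the recommended actions above.
FIXED = {
    (14, 2): (14, 2, 0, 14),
    (14, 3): (14, 3, 0, 12),
    (2312,): (2312, 8),
    (2406,): (2406, 5),
}
_VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+)*)$")

def parse_version(text):
    """Turn 'V14.2.0.14' or '2312.0008' into a tuple of ints, or None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))

def triage(version_text):
    """Classify one installed version against the fixed builds."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    for branch, fixed in FIXED.items():
        if version[:len(branch)] == branch:
            # Pad short strings so 'V14.2' compares as 14.2.0.0.
            padded = version + (0,) * (len(fixed) - len(version))
            return "patched" if padded >= fixed else "vulnerable"
    # Branch is not one of the four named on this page; needs manual review.
    return "not-listed"

def triage_inventory(rows):
    """rows: iterable of (host, version string). Returns host -> status."""
    return {host: triage(version) for host, version in rows}

# Constructed sample inventory; host names are hypothetical.
SAMPLE = [
    ("eng-ws-01", "V14.2.0.13"),
    ("eng-ws-02", "V14.3.0.12"),
    ("eng-ws-03", "V2312.0007"),
    ("eng-ws-04", "2406.0005"),
    ("eng-ws-05", "V14.1.0.9"),
    ("eng-ws-06", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

A "not-listed" result only means the branch is not among the four versions named here; it says nothing about whether that branch is affected.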

Evidence notes

The vulnerability description and affected product versions are sourced from CISA CSAF advisory ICSA-24-347-09. The ZDI reference (ZDI-CAN-24237) indicates this was reported through Trend Micro's Zero Day Initiative. Siemens has published corresponding security advisory SSA-645131.

Official resources

This vulnerability was disclosed through coordinated disclosure via the Zero Day Initiative (ZDI-CAN-24237) and published by CISA on December 10, 2024.