PatchSiren cyber security CVE debrief

CVE-2024-52571 Siemens CVE debrief

CVE-2024-52571 is a high-severity out-of-bounds write vulnerability in Siemens Teamcenter Visualization affecting versions V14.2, V14.3, V2312, and V2406. The flaw exists in the parsing of specially crafted WRL (VRML) files and can lead to arbitrary code execution in the context of the current process. The vulnerability was disclosed via CISA ICS Advisory ICSA-24-347-09 on December 10, 2024, with Siemens publishing coordinated security advisory SSA-645131. The issue was originally reported through the Zero Day Initiative (ZDI-CAN-24485). Siemens has released patched versions for all affected product lines, and CISA recommends updating to these fixed versions as the primary remediation. As a defense-in-depth measure, users should avoid opening untrusted WRL files in affected applications. No known exploitation in the wild has been reported, and this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Siemens
Product: Teamcenter Visualization V14.2
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-10
Original CVE updated: 2025-05-06
Advisory published: 2024-12-10
Advisory updated: 2025-05-06

Who should care

Organizations using Siemens Teamcenter Visualization for CAD data visualization and collaboration, particularly in industrial and manufacturing environments. Security teams responsible for OT/ICS asset protection and patch management should prioritize this update due to the high impact potential and availability of proven fixes.

Technical summary

The vulnerability is an out-of-bounds write that occurs while Teamcenter Visualization parses a malformed WRL (VRML) file. The affected versions are V14.2, V14.3, V2312, and V2406. Successful exploitation allows arbitrary code execution with the privileges of the current process. The attack vector is local and requires user interaction: a user must open a malicious file. CVSS 3.1 score: 7.8 (High).

Defensive priority

High

Recommended defensive actions

  • Update Teamcenter Visualization to the vendor-fixed version for your product line: V14.2.0.14 or later for V14.2, V14.3.0.12 or later for V14.3, V2312.0008 or later for V2312, or V2406.0005 or later for V2406
  • Implement application whitelisting and restrict execution of Teamcenter Visualization to authorized users only
  • Train users to avoid opening WRL files from untrusted sources and implement email filtering to block suspicious attachments
  • Apply defense-in-depth strategies for industrial control systems environments per CISA guidance
  • Monitor for anomalous process behavior or unexpected file parsing operations in Teamcenter Visualization deployments
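The fixed-version thresholds in the first action can be checked against an asset inventory. The following is an added example, not code from Siemens, CISA or this site; it assumes installed versions are recorded in the same dotted form the advisory uses, and the host names and installed versions in the sample are constructed.

```python
import re

# Minimum fixed version per product line, as listed in the actions above.
FIXED = {
    "V14.2": "V14.2.0.14",
    "V14.3": "V14.3.0.12",
    "V2312": "V2312.0008",
    "V2406": "V2406.0005",
}

def parse(version):
    """Turn 'V14.2.0.14' or 'v2312.0008' into a tuple of ints."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def product_line(version):
    """Return the listed product line a version belongs to, or None."""
    parts = parse(version)
    for line in FIXED:
        prefix = parse(line)
        # Compare numeric components so 14.20 is not mistaken for 14.2.
        if parts[:len(prefix)] == prefix:
            return line
    return None

def assess(version):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    try:
        line = product_line(version)
    except ValueError:
        return "unparsed"  # needs manual review, never assume safe
    if line is None:
        return "not-listed"  # outside the four lines named in the advisory
    # A bare 'V14.2' compares lower than 'V14.2.0.14', so it is flagged.
    return "fixed" if parse(version) >= parse(FIXED[line]) else "vulnerable"

def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(version) for host, version in inventory}

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE_INVENTORY = [
    ("eng-ws-01", "V14.2.0.9"),
    ("eng-ws-02", "V14.3.0.12"),
    ("eng-ws-03", "V2312.0007"),
    ("eng-ws-04", "V2406.0005"),
    ("eng-ws-05", "14.3 (build unknown)"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "not-listed" only means the version falls outside the product lines named in the advisory; it is not a statement that the installation is unaffected.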

Evidence notes

Vulnerability disclosed via CISA ICS Advisory ICSA-24-347-09 on December 10, 2024. Siemens security advisory SSA-645131 provides vendor fix information. Original discovery attributed to ZDI-CAN-24485. Advisory revised May 6, 2025 for typo corrections only.
