PatchSiren cyber security CVE debrief
CVE-2025-23396 Siemens CVE debrief
CVE-2025-23396 was published on 2025-03-11 and later revised on 2025-05-06 with typo-only changes in the CISA advisory. Siemens and CISA say affected Teamcenter Visualization and Tecnomatix Plant Simulation versions can hit an out-of-bounds write while parsing a specially crafted WRL file, which could allow code execution in the context of the current process. The safest immediate response is to avoid opening untrusted WRL files and upgrade to the fixed Siemens versions listed in the advisory.
- Vendor: Siemens
- Product: Teamcenter Visualization V14.3
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Administrators, operators, and end users of Siemens Teamcenter Visualization and Tecnomatix Plant Simulation deployments, especially in environments where WRL files are exchanged or opened as part of engineering, visualization, or industrial workflows. Security teams responsible for patching and file-ingestion controls should treat this as a high-priority issue.
Technical summary
The advisory describes a parsing-time out-of-bounds write in Siemens applications when handling crafted WRL files. The impact is code execution in the current process, and the CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates local attack conditions, no privileges required, and user interaction required. Affected product branches listed by the advisory are Teamcenter Visualization V14.3, V2312, V2406, V2412 and Tecnomatix Plant Simulation V2302, V2404. Siemens lists fixed versions as V14.3.0.13 or later, V2312.0009 or later, V2406.0007 or later, V2412.0002 or later, V2302.0021 or later, and V2404.0010 or later.
Defensive priority
High — the issue can lead to code execution from crafted file content, and vendor fixes are available for every affected branch.
Recommended defensive actions
- Apply the Siemens fixed versions for every affected product branch: V14.3.0.13+, V2312.0009+, V2406.0007+, V2412.0002+, V2302.0021+, and V2404.0010+.
- Do not open untrusted WRL files in the affected applications until patching is complete.
- Restrict WRL file handling to trusted sources and review ingestion workflows that can introduce untrusted files into engineering or visualization environments.
- Prioritize updates on systems where these Siemens products are used by staff who routinely open external or third-party files.
- Track CISA advisory ICSA-25-072-01 and Siemens SSA-050438 for any further vendor updates or clarifications.
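The first action above turns into a fleet check once the fixed versions are written down per branch. The following script is an added example (not PatchSiren's, Siemens' or CISA's code) that parses Siemens-style version strings, matches each installed build to the advisory branch it belongs to, and reports whether it is at or past the fixed build. The branch-to-fixed-version table is taken from the advisory; the inventory rows, hostnames and the assumption that installed versions are reported in the same "V2312.0009" / "V14.3.0.13" format are constructed for the example.

```python
"""Compare installed Siemens builds against the fixed versions from ICSA-25-072-01."""
import re

# Fixed builds per affected branch, as listed in the Siemens/CISA advisory.
FIXED_BY_BRANCH = {
    "Teamcenter Visualization": {
        "V14.3": "V14.3.0.13",
        "V2312": "V2312.0009",
        "V2406": "V2406.0007",
        "V2412": "V2412.0002",
    },
    "Tecnomatix Plant Simulation": {
        "V2302": "V2302.0021",
        "V2404": "V2404.0010",
    },
}


def parse_version(version: str) -> tuple:
    """Turn 'V14.3.0.13' into (14, 3, 0, 13) and 'V2312.0009' into (2312, 9).

    Assumes the dotted, optionally V-prefixed format used in the advisory;
    anything else is rejected rather than silently compared.
    """
    match = re.fullmatch(r"V?(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(product: str, installed: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown-branch' for one installed build.

    A build is matched to a branch by prefix (V14.3.x.y -> V14.3, V2312.x -> V2312).
    Tuple comparison makes a truncated string such as 'V2312' sort below the
    fixed build, so incomplete version data is treated as unpatched.
    """
    inst = parse_version(installed)
    for branch, fixed in FIXED_BY_BRANCH[product].items():
        prefix = parse_version(branch)
        if inst[: len(prefix)] == prefix:
            return "fixed" if inst >= parse_version(fixed) else "vulnerable"
    # A branch the advisory does not list is not claimed fixed; flag it for review.
    return "unknown-branch"


def hosts_needing_patch(inventory) -> list:
    """Filter (hostname, product, version) rows down to those not confirmed fixed."""
    results = []
    for host, product, version in inventory:
        status = assess(product, version)
        if status != "fixed":
            results.append((host, product, version, status))
    return results


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "Teamcenter Visualization", "V14.3.0.12"),
    ("eng-ws-02", "Teamcenter Visualization", "V2406.0007"),
    ("sim-srv-01", "Tecnomatix Plant Simulation", "V2302.0020"),
    ("sim-srv-02", "Tecnomatix Plant Simulation", "V2404.0011"),
    ("eng-ws-03", "Teamcenter Visualization", "V2506.0001"),
]

if __name__ == "__main__":
    for row in hosts_needing_patch(SAMPLE_INVENTORY):
        print("%-12s %-28s %-12s %s" % row)
```

The "unknown-branch" result is deliberate: a build from a branch the advisory does not mention is neither confirmed fixed nor confirmed affected, and should be checked against the current Siemens advisory rather than dropped from the report.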
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-072-01 and Siemens advisory references (SSA-050438). The source metadata lists the affected Siemens products and the corresponding fixed versions. The revision history shows the advisory was published on 2025-03-11 and revised on 2025-05-06 for typo fixes only.
Official resources
- CVE-2025-23396 CVE record (CVE.org)
- CVE-2025-23396 NVD detail (NVD)
- Source item URL (cisa_csaf)
Initial public disclosure occurred on 2025-03-11 through the Siemens/CISA advisory chain. The CISA CSAF record was revised on 2025-05-06 with typo-only corrections.