PatchSiren cyber security CVE debrief
CVE-2025-23400 Siemens CVE debrief
CVE-2025-23400 is a Siemens product vulnerability disclosed by CISA on 2025-03-11 and revised on 2025-05-06 for typo fixes. Affected Teamcenter Visualization and Tecnomatix Plant Simulation versions can experience memory corruption while parsing specially crafted WRL files, which may allow code execution in the context of the current process. Siemens has published fixed versions for each affected product line, and CISA also recommends not opening untrusted WRL files in affected applications.
- Vendor: Siemens
- Product: Teamcenter Visualization V14.3
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Organizations using Siemens Teamcenter Visualization V14.3, V2312, V2406, V2412 or Tecnomatix Plant Simulation V2302, V2404 should prioritize this issue, especially engineering, manufacturing, and industrial environments where users may open externally supplied CAD/visualization content.
Technical summary
The advisory describes a memory corruption flaw in WRL file parsing. The attack vector is local and requires user interaction (opening a specially crafted WRL file), but successful exploitation could lead to code execution with the privileges of the current process. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, matching a high-severity impact profile. Siemens lists remediated versions for each affected product family: Teamcenter Visualization V14.3.0.13+, V2312.0009+, V2406.0007+, V2412.0002+, Tecnomatix Plant Simulation V2302.0021+, and V2404.0010+.
Defensive priority
High. This is a confirmed vendor-corrected memory corruption issue with potential code execution impact, but it requires a user to open a malicious WRL file. Patch planning should be prompt for any environment that processes untrusted 3D/engineering files.
Recommended defensive actions
- Update Teamcenter Visualization V14.3 to V14.3.0.13 or later.
- Update Teamcenter Visualization V2312 to V2312.0009 or later.
- Update Teamcenter Visualization V2406 to V2406.0007 or later.
- Update Teamcenter Visualization V2412 to V2412.0002 or later.
- Update Tecnomatix Plant Simulation V2302 to V2302.0021 or later.
- Update Tecnomatix Plant Simulation V2404 to V2404.0010 or later.
- Do not open untrusted WRL files in affected applications.
- Apply CISA and Siemens recommended defensive practices for industrial/engineering workstations and file handling.
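One way to apply the version thresholds above to an asset inventory, as an added example (not Siemens or CISA code). The version-string format, the hostnames and the inventory rows are assumptions constructed for illustration; the fixed versions are the ones listed on this page.

```python
# Added example: flag installs below the fixed builds listed on this page.
# Affected release line -> first fixed version, copied from the advisory text.
FIXED = {
    "Teamcenter Visualization": {
        "V14.3": "V14.3.0.13", "V2312": "V2312.0009",
        "V2406": "V2406.0007", "V2412": "V2412.0002",
    },
    "Tecnomatix Plant Simulation": {
        "V2302": "V2302.0021", "V2404": "V2404.0010",
    },
}

def parse(version):
    """'V2312.0009' -> (2312, 9); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().lstrip("Vv").split("."))

def assess(product, version):
    """Classify one install as vulnerable / fixed / not-listed / unparseable."""
    try:
        installed = parse(version)
    except ValueError:
        return "unparseable"          # e.g. free-text version; review by hand
    for line, first_fixed in FIXED.get(product, {}).items():
        prefix = parse(line)
        if installed[:len(prefix)] == prefix:
            # Tuple comparison is numeric per component, so 0009 < 0010 < 0100.
            return "fixed" if installed >= parse(first_fixed) else "vulnerable"
    # Release line not named on this page: not proof of safety, check the advisory.
    return "not-listed"

# Constructed sample inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("eng-ws-01", "Teamcenter Visualization", "V14.3.0.12"),
    ("eng-ws-02", "Teamcenter Visualization", "V2312.0009"),
    ("eng-ws-03", "Teamcenter Visualization", "v2406.0010"),
    ("sim-ws-01", "Tecnomatix Plant Simulation", "V2404.0003"),
    ("sim-ws-02", "Tecnomatix Plant Simulation", "V2201.0004"),
    ("sim-ws-03", "Tecnomatix Plant Simulation", "2302 (unknown build)"),
]

def triage(inventory):
    """Return {host: status} for every inventory row."""
    return {host: assess(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

Rows reported as not-listed or unparseable need manual review against the Siemens advisory rather than being treated as unaffected.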
Evidence notes
Source corpus indicates the issue affects six Siemens product versions across Teamcenter Visualization and Tecnomatix Plant Simulation. The vulnerability is described as memory corruption during parsing of specially crafted WRL files, with potential code execution in the current process. Remediation versions are explicitly listed in the Siemens/CISA advisory materials. The CVE is not marked as KEV in the supplied enrichment fields.
Official resources
- CVE-2025-23400 CVE record (CVE.org)
- CVE-2025-23400 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA/Siemens on 2025-03-11; revised on 2025-05-06 for typo corrections only.