CVE-2024-23801

Description

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Physical

Changed

Affected products

Siemens / Tecnomatix Plant Simulation V22010 – *
Siemens / Tecnomatix Plant Simulation V23020 – V2302.0007

References

MISChttps://cert-portal.siemens.com/productcert/html/ssa-017796.html