all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SSA-900277 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001

Add to bookmarks
June 11, 2024, midnight |

Siemens ProductCERT Security Advisories cert-portal.siemens.com

Tecnomatix Plant Simulation contains a type confusion vulnerability that could be triggered when the application reads MODEL files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.


Siemens has released new versions for the affected products and recommends to update to the latest versions.

application arbitrary code arbitrary code execution code code execution crash file files malicious parsing simulation ssa type confusion using vulnerability

Visit resource

More from cert-portal.siemens.com / Siemens ProductCERT Security Advisories

SSA-238730 V1.0: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4 2 weeks, 1 day ago | cert-portal.siemens.com
attackers components exploit impact +12
SSA-771940 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 2 weeks, 1 day ago | cert-portal.siemens.com
application applications attacker exhaustion +8
SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1 2 weeks, 1 day ago | cert-portal.siemens.com
latest products siemens ssa +2
SSA-319319 V1.0: Denial of Service Vulnerability in TIA Administrator 2 weeks, 1 day ago | cert-portal.siemens.com
administrator attacker denial of service directory +15
SSA-620338 V1.0: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM 2 weeks, 1 day ago | cert-portal.siemens.com
attacker buffer buffer overflow buffer overflow vulnerability +12
SSA-900277 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001 2 weeks, 1 day ago | cert-portal.siemens.com
application arbitrary code arbitrary code execution code +11
SSA-196737 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2 2 weeks, 1 day ago | cert-portal.siemens.com
latest siemens sinec ssa +4
SSA-024584 V1.0: Authentication Bypass Vulnerability in PowerSys before V3.11 2 weeks, 1 day ago | cert-portal.siemens.com
administrative privileges attacker authentication authentication bypass +12
SSA-690517 V1.0: Multiple Vulnerabilities in SCALANCE W700 802.11 AX Family 2 weeks, 1 day ago | cert-portal.siemens.com
countermeasures family fixes products +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel
View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN
View on infosec-jobs.com