Login Sign Up

CVE-2023-24979

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability in Tecnomatix Plant Simulation allows remote code execution via a specially crafted SPP file, enabling an attacker to run arbitrary code within the application's process context. It affects all versions before V2201.0006, primarily impacting industrial and manufacturing environments using this simulation software.

💻 Affected Systems

Products:
  • Tecnomatix Plant Simulation
Versions: All versions < V2201.0006
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing SPP files, so any configuration that processes such files is affected.

📦 What is this software?

Tecnomatix Plant Simulation by Siemens

View all CVEs affecting Tecnomatix Plant Simulation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data theft, disruption of industrial processes, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or application crash, potentially causing operational downtime in manufacturing settings.

🟢

If Mitigated

Limited to denial of service if execution is blocked, but risk remains if files are processed.

🌐 Internet-Facing: LOW, as exploitation typically requires local file access or user interaction with malicious files, not direct internet exposure.
🏢 Internal Only: MEDIUM, due to the need for an attacker to deliver a malicious SPP file internally, which could occur via phishing or compromised shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious SPP file, making it less trivial but feasible with social engineering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2201.0006

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf

Restart Required: Yes

Instructions:

1. Download the update from Siemens support portal. 2. Install the patch following vendor instructions. 3. Restart the application and any related services.

🔧 Temporary Workarounds

Restrict SPP file handling

all

Block or limit access to SPP files from untrusted sources to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict access controls to prevent untrusted SPP files from being opened in the application.
  • Use application whitelisting to restrict execution of Plant Simulation to trusted users only.

🔍 How to Verify

Check if Vulnerable:

Check the application version in the help menu or about dialog; if it is below V2201.0006, it is vulnerable.

Check Version:

In Plant Simulation, go to Help > About to view the version.

Verify Fix Applied:

Confirm the version is V2201.0006 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or errors when opening SPP files, unusual process behavior in logs.

Network Indicators:

  • Unusual file transfers of SPP files to affected systems.

SIEM Query:

Search for events where Plant Simulation process spawns unexpected child processes or crashes.

📊 Metadata

CVE ID: CVE-2023-24979
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24979, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)