Login Sign Up

CVE-2023-24989

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability in Tecnomatix Plant Simulation allows remote code execution via a specially crafted SPP file, enabling an attacker to run arbitrary code within the application's process context. It affects all versions before V2201.0006, primarily impacting industrial and manufacturing environments using this software for simulation and planning.

💻 Affected Systems

Products:
  • Tecnomatix Plant Simulation
Versions: All versions < V2201.0006
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing SPP files, which are common in normal use for simulation projects.

📦 What is this software?

Tecnomatix Plant Simulation by Siemens

View all CVEs affecting Tecnomatix Plant Simulation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data theft, disruption of industrial operations, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or denial of service affecting the Plant Simulation application, potentially halting simulation workflows.

🟢

If Mitigated

Limited impact if file parsing is restricted or the application runs in a sandboxed environment.

🌐 Internet-Facing: LOW, as exploitation typically requires local file access or user interaction with malicious files, not direct internet exposure.
🏢 Internal Only: MEDIUM, due to the need for an attacker to deliver a malicious SPP file internally, which could occur via phishing or compromised shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious SPP file, but no authentication is needed beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2201.0006

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf

Restart Required: Yes

Instructions:

1. Download the update from Siemens support portal. 2. Install the patch following vendor instructions. 3. Restart the application and any related services.

🔧 Temporary Workarounds

Restrict SPP file handling

all

Block or limit the opening of untrusted SPP files to reduce attack surface.

🧯 If You Can't Patch

  • Isolate Plant Simulation systems from untrusted networks and enforce strict file access controls.
  • Implement application whitelisting to prevent execution of unauthorized code.

🔍 How to Verify

Check if Vulnerable:

Check the Plant Simulation version via the application's help menu or about dialog; if below V2201.0006, it is vulnerable.

Check Version:

In Plant Simulation, go to Help > About to view the version number.

Verify Fix Applied:

After patching, confirm the version is V2201.0006 or higher and test with known safe SPP files.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes or errors when opening SPP files in Plant Simulation logs.

Network Indicators:

  • Unusual file transfers of SPP files to Plant Simulation systems.

SIEM Query:

Search for process creation events related to Plant Simulation with suspicious file paths or crash reports.

📊 Metadata

CVE ID: CVE-2023-24989
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-24989, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)