CVE-2025-23396
Published: 11 March 2025
Summary
CVE-2025-23396 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Siemens Teamcenter Visualization. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 25.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation of flaws, such as applying Siemens patches for the out-of-bounds write vulnerability in Teamcenter Visualization and Tecnomatix Plant Simulation.
Implements memory protection mechanisms like DEP and ASLR to prevent exploitation of the out-of-bounds write leading to arbitrary code execution.
Mandates validation of information inputs, helping to reject or sanitize specially crafted WRL files before parsing in the affected applications.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is triggered by parsing a malicious WRL file opened by the user, directly enabling arbitrary code execution via user interaction with a crafted file.
NVD Description
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.
Deeper analysis
CVE-2025-23396 is an out-of-bounds write vulnerability (CWE-787) present in multiple versions of Siemens Teamcenter Visualization and Tecnomatix Plant Simulation. It affects Teamcenter Visualization V14.3 (all versions prior to V14.3.0.13), V2312 (prior to V2312.0009), V2406 (prior to V2406.0007), and V2412 (prior to V2412.0002), as well as Tecnomatix Plant Simulation V2302 (prior to V2302.0021) and V2404 (prior to V2404.0010). The issue arises when the affected applications parse a specially crafted WRL file.
With a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), the vulnerability can be exploited by a local attacker with no privileges required. Exploitation requires user interaction, such as convincing a user to open a malicious WRL file within one of the affected applications. Successful exploitation allows the attacker to execute arbitrary code in the context of the current process.
Siemens Security Advisory SSA-050438, available at https://cert-portal.siemens.com/productcert/html/ssa-050438.html, provides details on the vulnerability and mitigation steps, including patches for the specified affected versions.
Details
- CWE(s)