Details of VAR-202410-0100

ID

VAR-202410-0100

CVE

CVE-2024-45467

TITLE

Siemens' Tecnomatix Plant Simulation Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-010363

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Tecnomatix Plant Simulation Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-45467 // JVNDB: JVNDB-2024-010363

AFFECTED PRODUCTS

vendor:	siemens	model:	tecnomatix plant simulation	scope:	lt	version:	2302.0016	Trust: 1.0
vendor:	siemens	model:	tecnomatix plant simulation	scope:	gte	version:	2303.0000	Trust: 1.0
vendor:	siemens	model:	tecnomatix plant simulation	scope:	lt	version:	2404.0005	Trust: 1.0
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	2303.0000 that's all 2404.0005	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	2302.0016	Trust: 0.8

sources: JVNDB: JVNDB-2024-010363 // NVD: CVE-2024-45467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-45467
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2024-45467
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-45467
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-45467
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-45467
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-010363 // NVD: CVE-2024-45467 // NVD: CVE-2024-45467

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010363 // NVD: CVE-2024-45467

EXTERNAL IDS

db:	NVD	id:	CVE-2024-45467	Trust: 2.6
db:	SIEMENS	id:	SSA-583523	Trust: 1.8
db:	JVN	id:	JVNVU91585837	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-284-13	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-010363	Trust: 0.8

sources: JVNDB: JVNDB-2024-010363 // NVD: CVE-2024-45467

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-583523.html	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu91585837/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-45467	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-13	Trust: 0.8

sources: JVNDB: JVNDB-2024-010363 // NVD: CVE-2024-45467

SOURCES

db:	JVNDB	id:	JVNDB-2024-010363
db:	NVD	id:	CVE-2024-45467

LAST UPDATE DATE

2024-10-17T19:23:25.760000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-010363	date:	2024-10-16T06:26:00
db:	NVD	id:	CVE-2024-45467	date:	2024-10-15T17:34:51.353

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-010363	date:	2024-10-16T00:00:00
db:	NVD	id:	CVE-2024-45467	date:	2024-10-08T09:15:13.180