Details of VAR-202410-0102

ID

VAR-202410-0102

CVE

CVE-2024-45476

TITLE

Siemens' Tecnomatix Plant Simulation In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-010359

DESCRIPTION

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens' Tecnomatix Plant Simulation for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-45476 // JVNDB: JVNDB-2024-010359

AFFECTED PRODUCTS

vendor:	siemens	model:	tecnomatix plant simulation	scope:	gte	version:	2303.0000	Trust: 1.0
vendor:	siemens	model:	tecnomatix plant simulation	scope:	lt	version:	2404.0005	Trust: 1.0
vendor:	siemens	model:	tecnomatix plant simulation	scope:	lt	version:	2302.0016	Trust: 1.0
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	2303.0000 that's all 2404.0005	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	tecnomatix plant simulation	scope:	eq	version:	2302.0016	Trust: 0.8

sources: JVNDB: JVNDB-2024-010359 // NVD: CVE-2024-45476

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-45476
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-45476
value:	LOW
Trust: 1.0
NVD:	CVE-2024-45476
value:	LOW
Trust: 0.8

productcert@siemens.com:	CVE-2024-45476
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2024-45476
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-010359 // NVD: CVE-2024-45476 // NVD: CVE-2024-45476

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010359 // NVD: CVE-2024-45476

EXTERNAL IDS

db:	NVD	id:	CVE-2024-45476	Trust: 2.6
db:	SIEMENS	id:	SSA-583523	Trust: 1.8
db:	SIEMENS	id:	SSA-645131	Trust: 1.0
db:	JVN	id:	JVNVU91585837	Trust: 0.8
db:	ICS CERT	id:	ICSA-24-284-13	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-010359	Trust: 0.8

sources: JVNDB: JVNDB-2024-010359 // NVD: CVE-2024-45476

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-583523.html	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-645131.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu91585837/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-45476	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-13	Trust: 0.8

sources: JVNDB: JVNDB-2024-010359 // NVD: CVE-2024-45476

SOURCES

db:	JVNDB	id:	JVNDB-2024-010359
db:	NVD	id:	CVE-2024-45476

LAST UPDATE DATE

2024-12-10T19:28:47.733000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-010359	date:	2024-10-16T06:26:00
db:	NVD	id:	CVE-2024-45476	date:	2024-12-10T14:30:43.853

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-010359	date:	2024-10-16T00:00:00
db:	NVD	id:	CVE-2024-45476	date:	2024-10-08T09:15:15.830