CVE-2024-41170

EUVD-2024-38959
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
siemenstecnomatix_plant_simulation
2302.0 ≤
𝑥
< 2302.0015
ADP
siemenstecnomatix_plant_simulation
2404.0 ≤
𝑥
< 2404.0004
ADP
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-427715.html