1. EXECUTIVE SUMMARY
- CVSS v4 7.3
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: Teamcenter Visualization and Tecnomatix Plant Simulation
- Vulnerabilities: Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Read, Use After Free
2. RISK EVALUATION
The successful exploitation of the identified vulnerabilities in Siemens’ Teamcenter Visualization and Tecnomatix Plant Simulation could lead to significant operational disruptions. Attackers may cause the applications to crash or, more critically, execute arbitrary code, potentially compromising the integrity and confidentiality of sensitive data.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens has identified the following versions of its products as vulnerable:
- Teamcenter Visualization V14.3: Versions prior to V14.3.0.13
- Teamcenter Visualization V2312: Versions prior to V2312.0009
- Teamcenter Visualization V2406: Versions prior to V2406.0007
- Teamcenter Visualization V2412: Versions prior to V2412.0002
- Tecnomatix Plant Simulation V2302: Versions prior to V2302.0021
- Tecnomatix Plant Simulation V2404: Versions prior to V2404.0010
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
This vulnerability arises when the affected applications parse specially crafted WRL files, allowing an attacker to execute code within the context of the current process. The CVE-2025-23396 has been assigned to this vulnerability, with a CVSS v3 base score of 7.8 and a CVSS v4 score of 7.3.
3.2.2 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
This vulnerability also allows for memory corruption during the parsing of specially crafted WRL files, enabling code execution in the context of the current process. The CVE-2025-23397 has been assigned to this vulnerability, with both CVSS v3 and v4 scores of 7.8 and 7.3, respectively.
3.2.3 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Similar to the previous vulnerability, this issue allows for memory corruption while parsing WRL files, with CVE-2025-23398 assigned and CVSS scores of 7.8 (v3) and 7.3 (v4).
3.2.4 OUT-OF-BOUNDS READ CWE-125
This vulnerability permits an out-of-bounds read past the end of an allocated structure during the parsing of WRL files, potentially allowing code execution. CVE-2025-23399 has been assigned, with CVSS scores of 7.8 (v3) and 7.3 (v4).
3.2.5 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
This vulnerability is similar to previous entries, allowing for memory corruption while parsing WRL files. CVE-2025-23400 has been assigned, with CVSS scores of 7.8 (v3) and 7.3 (v4).
3.2.6 OUT-OF-BOUNDS READ CWE-125
This vulnerability allows for an out-of-bounds read past the end of an allocated structure, with CVE-2025-23401 assigned and CVSS scores of 7.8 (v3) and 7.3 (v4).
3.2.7 USE AFTER FREE CWE-416
This vulnerability can be triggered while parsing WRL files, allowing an attacker to execute code in the context of the current process. CVE-2025-23402 has been assigned, with CVSS scores of 7.8 (v3) and 7.3 (v4).
3.2.8 OUT-OF-BOUNDS READ CWE-125
This vulnerability allows for an out-of-bounds read past the end of an allocated structure, with CVE-2025-27438 assigned and CVSS scores of 7.8 (v3) and 7.3 (v4).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER
The vulnerabilities were reported to Siemens by Jin Huang from ADLab of Venustech and Michael Heinzl.
4. MITIGATIONS
Siemens has released updates for the affected products and recommends users to upgrade to the latest versions:
- Teamcenter Visualization




