CVE-2024-23801 - Vulnerability Details - OpenCVE

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Tecnomatix Plant Simulation

Configuration 1 [-]

OR	cpe:2.3:a:siemens:tecnomatix_plant_simulation::::::::
	cpe:2.3:a:siemens:tecnomatix_plant_simulation:2201.0:-::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-21254	A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-017796.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-02-13T09:00:16.989Z

Updated: 2024-08-01T23:13:07.365Z

Reserved: 2024-01-22T10:34:49.956Z

Link: CVE-2024-23801

Vulnrichment

Updated: 2024-08-01T23:13:07.365Z

NVD

Status : Modified

Published: 2024-02-13T09:15:48.807

Modified: 2024-11-21T08:58:26.957

Link: CVE-2024-23801

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23801", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2024-01-22T10:34:49.956Z", "datePublished": "2024-02-13T09:00:16.989Z", "dateUpdated": "2024-08-01T23:13:07.365Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-02-13T09:00:16.989Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."}], "affected": [{"vendor": "Siemens", "product": "Tecnomatix Plant Simulation V2201", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Tecnomatix Plant Simulation V2302", "versions": [{"status": "affected", "version": "0", "lessThan": "V2302.0007", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseScore": 3.3, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T16:03:05.531765Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:20:53.898Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.365Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:07.365Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-13T16:03:05.531765Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.192Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "Tecnomatix Plant Simulation V2201", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Tecnomatix Plant Simulation V2302", "versions": [{"status": "affected", "version": "0", "lessThan": "V2302.0007", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-02-13T09:00:16.989Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23801", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:13:07.365Z", "dateReserved": "2024-01-22T10:34:49.956Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2024-02-13T09:00:16.989Z", "assignerShortName": "siemens"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1CA9BCC-60B4-44F3-9D13-82EE1E3D834A", "versionEndExcluding": "2302.0007", "versionStartIncluding": "2302.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2201.0:-:*:*:*:*:*:*", "matchCriteriaId": "ACE93AE4-565D-40A2-9954-DA02442AEDD1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones), Tecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0007). Las aplicaciones afectadas contienen una vulnerabilidad de desreferencia de puntero nulo al analizar archivos SPP especialmente manipulados. Un atacante podr\u00eda aprovechar esta vulnerabilidad para bloquear la aplicaci\u00f3n y provocar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2024-23801", "lastModified": "2024-11-21T08:58:26.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-13T09:15:48.807", "references": [{"source": "productcert@siemens.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "productcert@siemens.com", "type": "Secondary"}]}