CVE-2024-52568
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-52568 is a newly identified vulnerability affecting various versions of Teamcenter Visualization (V14.2, V14.3, V2312, V2406), Tecnomatix Plant Simulation (V2302, V2404). These applications contain a use-after-free vulnerability, which can be triggered while processing maliciously crafted WRL files. An attacker could exploit this flaw to execute code in the context of the current process. (ZDI-CAN-24244) This vulnerability, denoted by CVE-2024-52568, poses a significant risk to users of Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404). The affected software contains a use-after-free error, which is brought about by improperly handling WRL files. An attacker can take advantage of this flaw to execute arbitrary code within the system. The CVE-2024-52568 vulnerability jeopardizes the security of Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404) versions below V14.2.0.14, V14.3.0.12, V2312.0008, V2406.0005, V2302.0018, and V2404.0007, respectively. This issue involves a use-after-free error, which is triggered during the parsing of specially crafted WRL files. An attacker can exploit this vulnerability to run unauthorized code within the affected applications. A critical vulnerability, CVE-2024-52568, has been discovered in Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404). The flaw, which lies in the handling of WRL files, creates a use-after-free condition that an attacker can leverage to execute arbitrary code. Affected versions include those before V14.2.0.14, V14.3.0.12, V2312.0008, V2406.0005, V2302.0018, and V2404.0007. CVE-2024-52568 denotes a newly discovered vulnerability within Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404). The flaw, which involves a use-after-free error, can be triggered while processing WRL files. An attacker could potentially exploit this vulnerability to execute arbitrary code within the affected applications. Affected versions include those below V14.2.0.14, V14.3.0.12, V2312.0008, V2406.0005, V2302.0018, and V2404.0007.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.