CVE-2024-52570

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 18, 2024
Updated: Dec 10, 2024
CWE ID 787

Summary

CVE-2024-52570 is a newly disclosed vulnerability affecting various versions of Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404). These applications contain an out-of-bounds write vulnerability when processing maliciously crafted WRL files. An attacker can exploit this flaw to execute code with the same privileges as the current process, potentially leading to significant security risks. Versions prior to V14.2.0.14, V14.3.0.12, V2312.0008, V2406.0005, V2302.0018, and V2404.0007 are all affected by this issue. (ZDI-CAN-24365)

In simpler terms:

* A recently uncovered vulnerability, CVE-2024-52570, puts at risk various versions of Teamcenter Visualization (V14.2, V14.3, V2312, V2406) and Tecnomatix Plant Simulation (V2302, V2404).
* These applications contain an out-of-bounds write weakness when processing specially designed WRL files.
* This vulnerability allows an attacker to execute arbitrary code with the same user privileges as the current process.
* The affected versions are all prior to V14.2.0.14, V14.3.0.12, V2312.0008, V2406.0005, V2302.0018, and V2404.0007.
* The risk of code execution makes this a significant concern for users of these applications.
