ID
VAR-202503-0284
CVE
CVE-2025-27438
TITLE
Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Out-of-bounds read vulnerability in
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 2312.0009 | Trust: 1.0 |
| vendor: | siemens | model: | tecnomatix plant simulation | scope: | gte | version: | 2302.0 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 2312.0 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 14.3.0.13 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 2412.0 | Trust: 1.0 |
| vendor: | siemens | model: | tecnomatix plant simulation | scope: | lte | version: | 2302.0021 | Trust: 1.0 |
| vendor: | siemens | model: | tecnomatix plant simulation | scope: | gte | version: | 2404.0 | Trust: 1.0 |
| vendor: | siemens | model: | tecnomatix plant simulation | scope: | lt | version: | 2404.0010 | Trust: 1.0 |
| vendor: | siemens | model: | tecnomatix plant simulation | scope: | gte | version: | 2412.0 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 2406.0 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 2412.0002 | Trust: 1.0 |
| vendor: | siemens | model: | tecnomatix plant simulation | scope: | lt | version: | 2412.0002 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 2406.0007 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 14.3 | Trust: 1.0 |
| vendor: | シーメンス | model: | tecnomatix plant simulation | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | teamcenter visualization | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.0 |
| problemtype: | Out-of-bounds read (CWE-125) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-27438 | Trust: 2.6 |
| db: | SIEMENS | id: | SSA-050438 | Trust: 1.8 |
| db: | JVN | id: | JVNVU92252869 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-25-072-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2025-014515 | Trust: 0.8 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-050438.html | Trust: 1.8 |
| url: | https://jvn.jp/vu/jvnvu92252869/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-27438 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-01 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2025-014515 |
| db: | NVD | id: | CVE-2025-27438 |
LAST UPDATE DATE
2025-09-27T23:45:37.899000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-014515 | date: | 2025-09-26T06:29:00 |
| db: | NVD | id: | CVE-2025-27438 | date: | 2025-09-23T15:24:03.457 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-014515 | date: | 2025-09-26T00:00:00 |
| db: | NVD | id: | CVE-2025-27438 | date: | 2025-03-11T10:15:19.407 |