CVE-2024-41170 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-41170 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

EPSS 0.09% · 25.7th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.09%

25.7th percentile

Affected Products

Vendor	Product	Versions
Siemens	Tecnomatix Plant Simulation V2404	0, 0, 0
Siemens	Tecnomatix Plant Simulation V2302	0, 0, 0
siemens	tecnomatix_plant_simulation	2404.0, 2302.0, 2404.0

Timeline

Sep 10, 2024 CVE Published
Sep 10, 2024 PoC Published
Sep 11, 2024 EPSS Score
Sep 15, 2024 PoC Published
Sep 15, 2024 PoC Published
Sep 30, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 20, 2024 EPSS Score
Nov 8, 2024 EPSS Score
Nov 27, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score

References

Open in Interactive Console →