Tecnomatix Plant Simulation V2404
Monthly
Local privilege escalation in Siemens' IAM Client SDK, a shared authentication component bundled across a wide range of Siemens engineering and PLM products (Solid Edge, Teamcenter Visualization, Simcenter, Tecnomatix, COMOS, Designcenter NX), allows an authenticated local user to load attacker-controlled code through an untrusted search path (CWE-426) and gain elevated privileges. The flaw carries a CVSS 4.0 base score of 8.5 and requires only low local privileges with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Local privilege escalation in Siemens' IAM Client SDK, a shared authentication component bundled across a wide range of Siemens engineering and PLM products (Solid Edge, Teamcenter Visualization, Simcenter, Tecnomatix, COMOS, Designcenter NX), allows an authenticated local user to load attacker-controlled code through an untrusted search path (CWE-426) and gain elevated privileges. The flaw carries a CVSS 4.0 base score of 8.5 and requires only low local privileges with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.