CVE-2023-24555

Published: Feb 14, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD (Secondary)

Description

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Affected (12)

Products: Siemens: Solid Edge Se2022, Solid Edge Se2023

Siemens

2 products

Solid Edge Se2022

Solid Edge Se2023

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Siemens Solid Edge Se2022	All versions
Siemens Solid Edge Se2022	Version maintenance_pack_10
Siemens Solid Edge Se2022	Version maintenance_pack_11
Siemens Solid Edge Se2022	Version maintenance_pack_1
Siemens Solid Edge Se2022	Version maintenance_pack_2
Siemens Solid Edge Se2022	Version maintenance_pack_3
Siemens Solid Edge Se2022	Version maintenance_pack_4
Siemens Solid Edge Se2022	Version maintenance_pack_5
Siemens Solid Edge Se2022	Version maintenance_pack_7
Siemens Solid Edge Se2022	Version maintenance_pack_8
Siemens Solid Edge Se2022	Version maintenance_pack_9
Siemens Solid Edge Se2023	Before 2210.0002.004

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.