← Back

CVE-2023-25140

nvd nist
Published: Feb 14, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD (Secondary)

Description

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Affected (5)

Siemens
2 products
Parasolid
Solid Edge
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Parasolid
From 34.0 to 34.0.254
Parasolid
From 34.1 to 34.1.242
Parasolid
From 35.0 to 35.0.170
Parasolid
From 35.1 to 35.1.150
Solid Edge
Version se2022

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

Source: productcert@siemens.com
Vendor Advisory
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.