← Back

CVE-2023-41033

nvd nist
Published: Sep 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)

Affected (5)

Siemens
2 products
Parasolid
Simcenter Femap
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Parasolid
From 35.0 to 35.0.260
Parasolid
From 35.1 to 35.1.246
Parasolid
From 36.0 to 36.0.156
Siemens
Simcenter Femap
From 2301.0 to 2301.0003
Simcenter Femap
From 2306.0 to 2306.0001

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: productcert@siemens.com
Vendor Advisory
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.