← Back

CVE-2023-49125

nvd nist
Published: Feb 13, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.

Affected (17)

Siemens
3 products
Parasolid
Solid Edge Se2023
Solid Edge Se2024
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Parasolid
From 35.0 to 35.0.263
Parasolid
From 35.1 to 35.1.252
Parasolid
From 36.0 to 36.0.198
Siemens
Solid Edge Se2023
Before 223.0
Solid Edge Se2023
Version 223.0 update_0001
Solid Edge Se2023
Version 223.0 update_0002
Solid Edge Se2023
Version 223.0 update_0003
Solid Edge Se2023
Version 223.0 update_0004
Solid Edge Se2023
Version 223.0 update_0005
Solid Edge Se2023
Version 223.0 update_0006
Solid Edge Se2023
Version 223.0 update_0007
Solid Edge Se2023
Version 223.0 update_0008
Solid Edge Se2023
Version 223.0 update_0009
Solid Edge Se2023
Version 223.0 update_0010
Siemens
Solid Edge Se2024
Before 224.0
Solid Edge Se2024
Version 224.0 update_0001
Solid Edge Se2024
Version 224.0 update_0002

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

Source: productcert@siemens.com
Vendor Advisory
Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.