CVE-2023-38528 | THREATINT

Description

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.

Reserved 2023-07-19 | Published 2023-08-08 | Updated 2024-10-15 | Assigner siemens

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

HIGH: 7.3CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-787: Out-of-bounds Write

Product status

Default status

unknown

Any version before V34.1.258

affected

Default status

unknown

Any version before V35.0.254

affected

Default status

unknown

Any version before V35.1.197

affected

Default status

unknown

Any version before V35.1.184

affected

Default status

unknown

Any version before V14.1.0.11

affected

Default status

unknown

Any version before V14.2.0.6

affected

Default status

unknown

Any version before V14.3.0.3

affected

References

cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf

cert-portal.siemens.com/productcert/html/ssa-407785.html

cve.org (CVE-2023-38528)

nvd.nist.gov (CVE-2023-38528)

Download JSON