Vulnerabilites related to Siemens - Simcenter Femap V2301
cve-2023-41033
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2025-02-27 20:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V35.0 |
Version: All versions < V35.0.260 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:46:11.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41033", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:44.895132Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:55:04.635Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.260", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.246", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V36.0.156", }, ], }, { defaultStatus: "unknown", product: "Simcenter Femap V2301", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2301.0003", }, ], }, { defaultStatus: "unknown", product: "Simcenter Femap V2306", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2306.0001", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:43.928Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-41033", datePublished: "2023-09-12T09:32:34.938Z", dateReserved: "2023-08-22T15:41:08.130Z", dateUpdated: "2025-02-27T20:55:04.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41032
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2025-02-27 20:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: All versions < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:46:11.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf", }, { tags: [ "x_transferred", ], url: "https://www.bentley.com/advisories/be-2023-0004/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41032", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:46.356843Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:55:11.015Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.1.258", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.253", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.184", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V36.0.142", }, ], }, { defaultStatus: "unknown", product: "Simcenter Femap V2301", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2301.0003", }, ], }, { defaultStatus: "unknown", product: "Simcenter Femap V2306", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2306.0001", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T05:09:28.222Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf", }, { url: "https://www.bentley.com/advisories/be-2023-0004/", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-41032", datePublished: "2023-09-12T09:32:33.893Z", dateReserved: "2023-08-22T15:41:08.129Z", dateUpdated: "2025-02-27T20:55:11.015Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }