All the vulnerabilites related to Siemens - Solid Edge SE2022
cve-2023-24549
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:15.989Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24549", "datePublished": "2023-02-14T10:36:25.778Z", "dateReserved": "2023-01-26T14:06:35.398Z", "dateUpdated": "2024-08-02T11:03:18.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24556
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:19.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:23.467Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24556", "datePublished": "2023-02-14T10:36:33.749Z", "dateReserved": "2023-01-26T14:06:35.400Z", "dateUpdated": "2024-08-02T11:03:19.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24555
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:19.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:22.404Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24555", "datePublished": "2023-02-14T10:36:32.550Z", "dateReserved": "2023-01-26T14:06:35.400Z", "dateUpdated": "2024-08-02T11:03:19.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24581
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:34.788Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24581", "datePublished": "2023-02-14T10:36:46.345Z", "dateReserved": "2023-01-27T16:12:53.048Z", "dateUpdated": "2024-08-02T11:03:18.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24558
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:25.558Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24558", "datePublished": "2023-02-14T10:36:36.036Z", "dateReserved": "2023-01-26T14:06:35.400Z", "dateUpdated": "2024-08-02T11:03:18.772Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24565
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:32.753Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24565", "datePublished": "2023-02-14T10:36:44.102Z", "dateReserved": "2023-01-26T16:20:20.792Z", "dateUpdated": "2024-08-02T11:03:18.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24566
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:19.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:33.773Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24566", "datePublished": "2023-02-14T10:36:45.233Z", "dateReserved": "2023-01-26T16:20:20.792Z", "dateUpdated": "2024-08-02T11:03:19.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24552
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:19.249Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24552", "datePublished": "2023-02-14T10:36:29.146Z", "dateReserved": "2023-01-26T14:06:35.399Z", "dateUpdated": "2024-08-02T11:03:18.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24559
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:19.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:26.597Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24559", "datePublished": "2023-02-14T10:36:37.176Z", "dateReserved": "2023-01-26T14:06:35.401Z", "dateUpdated": "2024-08-02T11:03:19.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24560
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:27.615Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24560", "datePublished": "2023-02-14T10:36:38.321Z", "dateReserved": "2023-01-26T14:06:35.401Z", "dateUpdated": "2024-08-02T11:03:18.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46345
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:33.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "33.1.264", "status": "affected", "version": "33.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "solid_edge", "vendor": "siemens", "versions": [ { "lessThan": "v223.0", "status": "affected", "version": "se2022", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:34.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "34.1.242", "status": "affected", "version": "34.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.0.170", "status": "affected", "version": "35.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:34.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "34.0.252", "status": "affected", "version": "34.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-46345", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:00:20.745055Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T19:22:59.367Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V33.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V33.1.264" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.0.252" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.1.242" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.0.170" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:10.275Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-46345", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24551
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.796Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:18.230Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24551", "datePublished": "2023-02-14T10:36:28.028Z", "dateReserved": "2023-01-26T14:06:35.399Z", "dateUpdated": "2024-08-02T11:03:18.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44018
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-340/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2021MP9" } ] }, { "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2022MP1" } ] }, { "product": "Teamcenter Visualization V13.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.9" } ] }, { "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T09:21:28", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All versions \u003c SE2021MP9" } ] } }, { "product_name": "Solid Edge SE2022", "version": { "version_data": [ { "version_value": "All versions \u003c SE2022MP1" } ] } }, { "product_name": "Teamcenter Visualization V13.1", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.9" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44018", "datePublished": "2022-02-09T15:17:10", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46346
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V33.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V33.1.264" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.0.252" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.1.242" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.0.170" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:11.475Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-46346", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:45.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46349
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V33.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V33.1.264" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.0.252" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.1.242" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.0.170" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:14.921Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-46349", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:45.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24550
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:17.103Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24550", "datePublished": "2023-02-14T10:36:26.898Z", "dateReserved": "2023-01-26T14:06:35.398Z", "dateUpdated": "2024-08-02T11:03:18.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46348
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V33.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V33.1.264" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.0.252" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.1.242" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.0.170" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:13.727Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-46348", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24563
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:30.687Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24563", "datePublished": "2023-02-14T10:36:41.883Z", "dateReserved": "2023-01-26T14:06:35.401Z", "dateUpdated": "2024-08-02T11:03:18.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44000
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-335/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2021MP9" } ] }, { "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2022MP1" } ] }, { "product": "Teamcenter Visualization V13.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.9" } ] }, { "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T09:21:26", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44000", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All versions \u003c SE2021MP9" } ] } }, { "product_name": "Solid Edge SE2022", "version": { "version_data": [ { "version_value": "All versions \u003c SE2022MP1" } ] } }, { "product_name": "Teamcenter Visualization V13.1", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.9" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44000", "datePublished": "2022-02-09T15:17:07", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28830
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28830", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:48:40.205775Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:49:54.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0 Update 13" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0 Update 4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.15" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Solid Edge SE2022 (All versions \u003c V222.0 Update 13), Solid Edge SE2023 (All versions \u003c V223.0 Update 4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.15), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.11), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:17.760Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-28830", "datePublished": "2023-08-08T09:20:17.760Z", "dateReserved": "2023-03-24T15:17:33.934Z", "dateUpdated": "2024-10-23T19:49:54.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44016
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-22-338/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2021MP9" } ] }, { "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c SE2022MP1" } ] }, { "product": "Teamcenter Visualization V13.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.1.0.9" } ] }, { "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.7" } ] }, { "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-14T09:21:27", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-44016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Solid Edge SE2021", "version": { "version_data": [ { "version_value": "All versions \u003c SE2021MP9" } ] } }, { "product_name": "Solid Edge SE2022", "version": { "version_data": [ { "version_value": "All versions \u003c SE2022MP1" } ] } }, { "product_name": "Teamcenter Visualization V13.1", "version": { "version_data": [ { "version_value": "All versions \u003c V13.1.0.9" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_value": "All versions \u003c V13.2.0.7" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_value": "All versions \u003c V13.3.0.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-44016", "datePublished": "2022-02-09T15:17:09", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24557
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:24.502Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24557", "datePublished": "2023-02-14T10:36:34.877Z", "dateReserved": "2023-01-26T14:06:35.400Z", "dateUpdated": "2024-08-02T11:03:18.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24561
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:28.643Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24561", "datePublished": "2023-02-14T10:36:39.446Z", "dateReserved": "2023-01-26T14:06:35.401Z", "dateUpdated": "2024-08-02T11:03:18.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24562
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:29.675Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24562", "datePublished": "2023-02-14T10:36:40.716Z", "dateReserved": "2023-01-26T14:06:35.401Z", "dateUpdated": "2024-08-02T11:03:18.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24564
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:31.708Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24564", "datePublished": "2023-02-14T10:36:43.008Z", "dateReserved": "2023-01-26T16:20:20.791Z", "dateUpdated": "2024-08-02T11:03:18.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25140
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:35.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.0.254" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.1.242" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.0.170" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.1.150" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.0 (All versions \u003c V34.0.254), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Parasolid V35.1 (All versions \u003c V35.1.150), Solid Edge SE2022 (All versions \u003c V222.0MP12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:55.102Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-25140", "datePublished": "2023-02-14T10:37:08.574Z", "dateReserved": "2023-02-03T08:06:30.685Z", "dateUpdated": "2024-08-02T11:18:35.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46347
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V33.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V33.1.264" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.0.252" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V34.1.242" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V35.0.170" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19079)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:12.594Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-46347", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:45.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24553
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:20.298Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24553", "datePublished": "2023-02-14T10:36:30.258Z", "dateReserved": "2023-01-26T14:06:35.399Z", "dateUpdated": "2024-08-02T11:03:18.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24554
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Siemens | Solid Edge SE2022 | |
Siemens | Solid Edge SE2023 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0MP12" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0Update2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:31:21.336Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-24554", "datePublished": "2023-02-14T10:36:31.375Z", "dateReserved": "2023-01-26T14:06:35.399Z", "dateUpdated": "2024-08-02T11:03:18.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202308-0233
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go , Teamcenter Visualization , solid edge se2022 A number of Siemens products, including Freed Memory Usage Vulnerability, exist in several Siemens products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0233", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_8" }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "update_0002" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_2" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_12" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_5" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_10" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.2.0.5" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.2" }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "update_0003" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.11" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_7" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.11" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_4" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_11" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_3" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_9" }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.15" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "maintenance_pack_1" }, { "model": "solid edge se2022", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "solid edge se2023", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "update_0001" }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "solid edge se2022", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "solid edge se2023", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "versionStartIncluding": "14.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.2.0.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.11", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.15", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.11", "versionStartIncluding": "14.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:update_0001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:update_0002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2023:update_0003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-28830" } ] }, "cve": "CVE-2023-28830", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2023-28830", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-28830", "trust": 1.8, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2023-28830", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Solid Edge SE2022 (All versions \u003c V222.0 Update 13), Solid Edge SE2023 (All versions \u003c V223.0 Update 4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.15), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.11), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go , Teamcenter Visualization , solid edge se2022 A number of Siemens products, including Freed Memory Usage Vulnerability, exist in several Siemens products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "VULMON", "id": "CVE-2023-28830" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-28830", "trust": 2.7 }, { "db": "SIEMENS", "id": "SSA-131450", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU90056839", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-222-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-021527", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2023-28830", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "id": "VAR-202308-0233", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2024-01-20T20:31:43.959000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 }, { "problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90056839/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28830" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-01" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-28830" }, { "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "db": "NVD", "id": "CVE-2023-28830" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2023-28830" }, { "date": "2024-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "date": "2023-08-08T10:15:14.847000", "db": "NVD", "id": "CVE-2023-28830" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2023-28830" }, { "date": "2024-01-19T06:45:00", "db": "JVNDB", "id": "JVNDB-2023-021527" }, { "date": "2023-08-15T16:54:21.120000", "db": "NVD", "id": "CVE-2023-28830" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use of Freed Memory Vulnerability in Multiple Siemens Products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-021527" } ], "trust": 0.8 } }