Vulnerabilites related to siemens - tecnomatix
var-202310-0151
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0151", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "NVD", id: "CVE-2023-44085", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44085", }, ], }, cve: "CVE-2023-44085", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75583", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44085", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44085", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44085", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75583", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "NVD", id: "CVE-2023-44085", }, { db: "NVD", id: "CVE-2023-44085", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-44085", }, { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "CNVD", id: "CNVD-2023-75583", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44085", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-013975", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75583", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "NVD", id: "CVE-2023-44085", }, ], }, id: "VAR-202310-0151", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, ], }, last_update_date: "2023-12-23T22:07:01.314000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds read vulnerability (CNVD-2023-75583)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466671", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-125", trust: 1, }, { problemtype: "Out-of-bounds read (CWE-125) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "NVD", id: "CVE-2023-44085", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44085", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75583", }, { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "NVD", id: "CVE-2023-44085", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75583", }, { db: "JVNDB", id: "JVNDB-2023-013975", }, { db: "NVD", id: "CVE-2023-44085", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-13T00:00:00", db: "CNVD", id: "CNVD-2023-75583", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-013975", }, { date: "2023-10-10T11:15:12.737000", db: "NVD", id: "CVE-2023-44085", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75583", }, { date: "2023-12-22T05:15:00", db: "JVNDB", id: "JVNDB-2023-013975", }, { date: "2023-10-12T00:43:03.957000", db: "NVD", id: "CVE-2023-44085", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds read vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-013975", }, ], trust: 0.8, }, }
var-202310-0155
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268). Siemens' tecnomatix Exists in a vulnerability related to illegal type conversion.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0155", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "NVD", id: "CVE-2023-45204", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-45204", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1576", }, ], trust: 0.7, }, cve: "CVE-2023-45204", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75580", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-45204", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-45204", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-45204", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-45204", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-45204", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75580", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "NVD", id: "CVE-2023-45204", }, { db: "NVD", id: "CVE-2023-45204", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268). Siemens' tecnomatix Exists in a vulnerability related to illegal type conversion.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-45204", }, { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, ], trust: 2.79, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-45204", trust: 3.9, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-013978", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21268", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1576", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-75580", trust: 0.6, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "NVD", id: "CVE-2023-45204", }, ], }, id: "VAR-202310-0155", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75580", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75580", }, ], }, last_update_date: "2023-12-23T22:06:57.923000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation file analysis vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466691", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-704", trust: 1, }, { problemtype: "Illegal type conversion or cast (CWE-704) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "NVD", id: "CVE-2023-45204", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-45204", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "NVD", id: "CVE-2023-45204", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1576", }, { db: "CNVD", id: "CNVD-2023-75580", }, { db: "JVNDB", id: "JVNDB-2023-013978", }, { db: "NVD", id: "CVE-2023-45204", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1576", }, { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75580", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-013978", }, { date: "2023-10-10T11:15:13.080000", db: "NVD", id: "CVE-2023-45204", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1576", }, { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75580", }, { date: "2023-12-22T05:15:00", db: "JVNDB", id: "JVNDB-2023-013978", }, { date: "2023-10-12T00:44:00.243000", db: "NVD", id: "CVE-2023-45204", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Illegal type conversion vulnerabilities in", sources: [ { db: "JVNDB", id: "JVNDB-2023-013978", }, ], trust: 0.8, }, }
var-202307-0572
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051). Siemens' tecnomatix contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0572", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "NVD", id: "CVE-2023-37376", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37376", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1575", }, ], trust: 0.7, }, cve: "CVE-2023-37376", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-56534", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-37376", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-37376", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37376", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-37376", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-37376", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-56534", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-724", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "CNNVD", id: "CNNVD-202307-724", }, { db: "NVD", id: "CVE-2023-37376", }, { db: "NVD", id: "CVE-2023-37376", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051). Siemens' tecnomatix contains a type confusion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems", sources: [ { db: "NVD", id: "CVE-2023-37376", }, { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "VULMON", id: "CVE-2023-37376", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37376", trust: 4.6, }, { db: "SIEMENS", id: "SSA-764801", trust: 3.1, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021700", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21051", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1575", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-56534", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202307-724", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37376", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "VULMON", id: "CVE-2023-37376", }, { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "CNNVD", id: "CNNVD-202307-724", }, { db: "NVD", id: "CVE-2023-37376", }, ], }, id: "VAR-202307-0572", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-56534", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-56534", }, ], }, last_update_date: "2024-01-21T20:33:53.383000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation Type Confusion Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/443036", }, { title: "Siemens Tecnomatix Plant Simulation Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246648", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "CNNVD", id: "CNNVD-202307-724", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-843", trust: 1, }, { problemtype: "Mistake of type (CWE-843) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "NVD", id: "CVE-2023-37376", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37376", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37376/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "VULMON", id: "CVE-2023-37376", }, { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "CNNVD", id: "CNNVD-202307-724", }, { db: "NVD", id: "CVE-2023-37376", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1575", }, { db: "CNVD", id: "CNVD-2023-56534", }, { db: "VULMON", id: "CVE-2023-37376", }, { db: "JVNDB", id: "JVNDB-2023-021700", }, { db: "CNNVD", id: "CNNVD-202307-724", }, { db: "NVD", id: "CVE-2023-37376", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1575", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56534", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37376", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021700", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-724", }, { date: "2023-07-11T10:15:11.877000", db: "NVD", id: "CVE-2023-37376", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1575", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56534", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37376", }, { date: "2024-01-19T08:06:00", db: "JVNDB", id: "JVNDB-2023-021700", }, { date: "2023-07-19T00:00:00", db: "CNNVD", id: "CNNVD-202307-724", }, { date: "2023-07-18T14:56:17.227000", db: "NVD", id: "CVE-2023-37376", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202307-724", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Vulnerability regarding mix-ups in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021700", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202307-724", }, ], trust: 0.6, }, }
var-202310-0157
Vulnerability from variot
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290). Siemens' parasolid and tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0157", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "parasolid", scope: "lt", trust: 1, vendor: "siemens", version: "35.0.262", }, { model: "parasolid", scope: "gte", trust: 1, vendor: "siemens", version: "35.0", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "parasolid", scope: "lt", trust: 1, vendor: "siemens", version: "35.1.250", }, { model: "parasolid", scope: "gte", trust: 1, vendor: "siemens", version: "35.1", }, { model: "parasolid", scope: "lt", trust: 1, vendor: "siemens", version: "36.0.169", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "parasolid", scope: "gte", trust: 1, vendor: "siemens", version: "36.0", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "parasolid", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1577", }, { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "NVD", id: "CVE-2023-45601", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "36.0.169", versionStartIncluding: "36.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "35.1.250", versionStartIncluding: "35.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "35.0.262", versionStartIncluding: "35.0", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-45601", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1577", }, ], trust: 0.7, }, cve: "CVE-2023-45601", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-45601", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-45601", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-45601", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-45601", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-45601", trust: 0.7, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1577", }, { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "NVD", id: "CVE-2023-45601", }, { db: "NVD", id: "CVE-2023-45601", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290). Siemens' parasolid and tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer", sources: [ { db: "NVD", id: "CVE-2023-45601", }, { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "ZDI", id: "ZDI-23-1577", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-45601", trust: 3.3, }, { db: "SIEMENS", id: "SSA-524778", trust: 1.8, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-013979", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21290", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1577", trust: 0.7, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1577", }, { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "NVD", id: "CVE-2023-45601", }, ], }, id: "VAR-202310-0157", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.420371905, }, last_update_date: "2023-12-23T22:07:01.344000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1577", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "NVD", id: "CVE-2023-45601", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-45601", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1577", }, { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "NVD", id: "CVE-2023-45601", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1577", }, { db: "JVNDB", id: "JVNDB-2023-013979", }, { db: "NVD", id: "CVE-2023-45601", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1577", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-013979", }, { date: "2023-10-10T11:15:13.247000", db: "NVD", id: "CVE-2023-45601", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1577", }, { date: "2023-12-22T05:15:00", db: "JVNDB", id: "JVNDB-2023-013979", }, { date: "2023-10-12T00:44:25.833000", db: "NVD", id: "CVE-2023-45601", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' parasolid and tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-013979", }, ], trust: 0.8, }, }
var-202310-0152
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0152", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "NVD", id: "CVE-2023-44082", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44082", }, ], }, cve: "CVE-2023-44082", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75586", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44082", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44082", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44082", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75586", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "NVD", id: "CVE-2023-44082", }, { db: "NVD", id: "CVE-2023-44082", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-44082", }, { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "CNVD", id: "CNVD-2023-75586", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44082", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-014035", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75586", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "NVD", id: "CVE-2023-44082", }, ], }, id: "VAR-202310-0152", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, ], }, last_update_date: "2023-12-23T22:06:58.015000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds write vulnerability (CNVD-2023-75586)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466656", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "NVD", id: "CVE-2023-44082", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44082", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75586", }, { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "NVD", id: "CVE-2023-44082", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75586", }, { db: "JVNDB", id: "JVNDB-2023-014035", }, { db: "NVD", id: "CVE-2023-44082", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-12T00:00:00", db: "CNVD", id: "CNVD-2023-75586", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-014035", }, { date: "2023-10-10T11:15:12.487000", db: "NVD", id: "CVE-2023-44082", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75586", }, { date: "2023-12-22T05:28:00", db: "JVNDB", id: "JVNDB-2023-014035", }, { date: "2023-10-12T00:42:40.427000", db: "NVD", id: "CVE-2023-44082", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-014035", }, ], trust: 0.8, }, }
var-202308-0005
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0005", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1570", }, { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "NVD", id: "CVE-2023-38680", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-38680", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Simon Janz (@esj4y)", sources: [ { db: "ZDI", id: "ZDI-23-1570", }, ], trust: 0.7, }, cve: "CVE-2023-38680", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-38680", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-38680", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-38680", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-38680", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-38680", trust: 0.7, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1570", }, { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "NVD", id: "CVE-2023-38680", }, { db: "NVD", id: "CVE-2023-38680", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure", sources: [ { db: "NVD", id: "CVE-2023-38680", }, { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "ZDI", id: "ZDI-23-1570", }, { db: "VULMON", id: "CVE-2023-38680", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-38680", trust: 3.4, }, { db: "SIEMENS", id: "SSA-764801", trust: 1.9, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021426", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21132", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1570", trust: 0.7, }, { db: "VULMON", id: "CVE-2023-38680", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1570", }, { db: "VULMON", id: "CVE-2023-38680", }, { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "NVD", id: "CVE-2023-38680", }, ], }, id: "VAR-202308-0005", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.420371905, }, last_update_date: "2024-01-20T20:29:22.296000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1570", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "NVD", id: "CVE-2023-38680", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-38680", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1570", }, { db: "VULMON", id: "CVE-2023-38680", }, { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "NVD", id: "CVE-2023-38680", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1570", }, { db: "VULMON", id: "CVE-2023-38680", }, { db: "JVNDB", id: "JVNDB-2023-021426", }, { db: "NVD", id: "CVE-2023-38680", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1570", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-38680", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021426", }, { date: "2023-08-08T10:15:16.677000", db: "NVD", id: "CVE-2023-38680", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1570", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-38680", }, { date: "2024-01-19T05:42:00", db: "JVNDB", id: "JVNDB-2023-021426", }, { date: "2023-08-14T17:16:36.667000", db: "NVD", id: "CVE-2023-38680", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021426", }, ], trust: 0.8, }, }
var-202310-0149
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0149", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "NVD", id: "CVE-2023-44081", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44081", }, ], }, cve: "CVE-2023-44081", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75587", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44081", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44081", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44081", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75587", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "NVD", id: "CVE-2023-44081", }, { db: "NVD", id: "CVE-2023-44081", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance", sources: [ { db: "NVD", id: "CVE-2023-44081", }, { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "CNVD", id: "CNVD-2023-75587", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44081", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-014034", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75587", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "NVD", id: "CVE-2023-44081", }, ], }, id: "VAR-202310-0149", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, ], }, last_update_date: "2023-12-23T22:06:58.051000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds write vulnerability (CNVD-2023-75587)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466651", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "NVD", id: "CVE-2023-44081", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44081", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75587", }, { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "NVD", id: "CVE-2023-44081", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75587", }, { db: "JVNDB", id: "JVNDB-2023-014034", }, { db: "NVD", id: "CVE-2023-44081", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-12T00:00:00", db: "CNVD", id: "CNVD-2023-75587", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-014034", }, { date: "2023-10-10T11:15:12.403000", db: "NVD", id: "CVE-2023-44081", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75587", }, { date: "2023-12-22T05:28:00", db: "JVNDB", id: "JVNDB-2023-014034", }, { date: "2023-10-12T00:42:21.237000", db: "NVD", id: "CVE-2023-44081", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-014034", }, ], trust: 0.8, }, }
var-202307-0577
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0577", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "NVD", id: "CVE-2023-37246", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37246", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1557", }, ], trust: 0.7, }, cve: "CVE-2023-37246", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-56539", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-37246", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-37246", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37246", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-37246", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-37246", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-56539", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-730", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "CNNVD", id: "CNNVD-202307-730", }, { db: "NVD", id: "CVE-2023-37246", }, { db: "NVD", id: "CVE-2023-37246", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PRT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems", sources: [ { db: "NVD", id: "CVE-2023-37246", }, { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "VULMON", id: "CVE-2023-37246", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37246", trust: 4.6, }, { db: "SIEMENS", id: "SSA-764801", trust: 3.1, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021711", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21109", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1557", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-56539", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202307-730", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37246", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "VULMON", id: "CVE-2023-37246", }, { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "CNNVD", id: "CNNVD-202307-730", }, { db: "NVD", id: "CVE-2023-37246", }, ], }, id: "VAR-202307-0577", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-56539", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-56539", }, ], }, last_update_date: "2024-01-21T19:17:23.892000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation Heap Buffer Overflow Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/443061", }, { title: "Siemens Tecnomatix Plant Simulation Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246653", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "CNNVD", id: "CNNVD-202307-730", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "NVD", id: "CVE-2023-37246", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37246", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37246/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "VULMON", id: "CVE-2023-37246", }, { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "CNNVD", id: "CNNVD-202307-730", }, { db: "NVD", id: "CVE-2023-37246", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1557", }, { db: "CNVD", id: "CNVD-2023-56539", }, { db: "VULMON", id: "CVE-2023-37246", }, { db: "JVNDB", id: "JVNDB-2023-021711", }, { db: "CNNVD", id: "CNNVD-202307-730", }, { db: "NVD", id: "CVE-2023-37246", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "ZDI", id: "ZDI-23-1557", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56539", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37246", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021711", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-730", }, { date: "2023-07-11T10:15:11.550000", db: "NVD", id: "CVE-2023-37246", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "ZDI", id: "ZDI-23-1557", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56539", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37246", }, { date: "2024-01-19T08:06:00", db: "JVNDB", id: "JVNDB-2023-021711", }, { date: "2023-07-19T00:00:00", db: "CNNVD", id: "CNNVD-202307-730", }, { date: "2023-07-18T14:57:38.210000", db: "NVD", id: "CVE-2023-37246", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202307-730", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021711", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202307-730", }, ], trust: 0.6, }, }
var-202310-0154
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0154", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "NVD", id: "CVE-2023-44084", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44084", }, ], }, cve: "CVE-2023-44084", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75584", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44084", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44084", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44084", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75584", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "NVD", id: "CVE-2023-44084", }, { db: "NVD", id: "CVE-2023-44084", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Leverage the power of discrete event simulation for throughput analysis and optimization to improve manufacturing system performance", sources: [ { db: "NVD", id: "CVE-2023-44084", }, { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "CNVD", id: "CNVD-2023-75584", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44084", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-013974", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75584", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "NVD", id: "CVE-2023-44084", }, ], }, id: "VAR-202310-0154", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, ], }, last_update_date: "2023-12-23T22:06:57.949000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds read vulnerability (CNVD-2023-75584)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466666", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-125", trust: 1, }, { problemtype: "Out-of-bounds read (CWE-125) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "NVD", id: "CVE-2023-44084", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44084", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75584", }, { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "NVD", id: "CVE-2023-44084", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75584", }, { db: "JVNDB", id: "JVNDB-2023-013974", }, { db: "NVD", id: "CVE-2023-44084", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-13T00:00:00", db: "CNVD", id: "CNVD-2023-75584", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-013974", }, { date: "2023-10-10T11:15:12.650000", db: "NVD", id: "CVE-2023-44084", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75584", }, { date: "2023-12-22T05:15:00", db: "JVNDB", id: "JVNDB-2023-013974", }, { date: "2023-10-12T00:42:54.377000", db: "NVD", id: "CVE-2023-44084", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds read vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-013974", }, ], trust: 0.8, }, }
var-202309-0571
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens Company. It uses discrete event simulation to conduct production volume analysis and optimization, thereby improving manufacturing system performance
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202309-0571", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, { db: "NVD", id: "CVE-2023-41846", }, ], }, cve: "CVE-2023-41846", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-71231", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2023-41846", trust: 1, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-41846", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-71231", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, { db: "NVD", id: "CVE-2023-41846", }, { db: "NVD", id: "CVE-2023-41846", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens Company. It uses discrete event simulation to conduct production volume analysis and optimization, thereby improving manufacturing system performance", sources: [ { db: "NVD", id: "CVE-2023-41846", }, { db: "CNVD", id: "CNVD-2023-71231", }, { db: "VULMON", id: "CVE-2023-41846", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-41846", trust: 1.7, }, { db: "SIEMENS", id: "SSA-764801", trust: 1.7, }, { db: "CNVD", id: "CNVD-2023-71231", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-41846", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, { db: "VULMON", id: "CVE-2023-41846", }, { db: "NVD", id: "CVE-2023-41846", }, ], }, id: "VAR-202309-0571", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, ], }, last_update_date: "2023-12-18T12:14:36.316000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/463426", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-41846", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/119.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, { db: "VULMON", id: "CVE-2023-41846", }, { db: "NVD", id: "CVE-2023-41846", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-71231", }, { db: "VULMON", id: "CVE-2023-41846", }, { db: "NVD", id: "CVE-2023-41846", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-09-22T00:00:00", db: "CNVD", id: "CNVD-2023-71231", }, { date: "2023-09-12T00:00:00", db: "VULMON", id: "CVE-2023-41846", }, { date: "2023-09-12T10:15:29.880000", db: "NVD", id: "CVE-2023-41846", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-09-21T00:00:00", db: "CNVD", id: "CNVD-2023-71231", }, { date: "2023-09-12T00:00:00", db: "VULMON", id: "CVE-2023-41846", }, { date: "2023-09-14T18:00:49.853000", db: "NVD", id: "CVE-2023-41846", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2023-71231", }, ], trust: 0.6, }, }
var-202307-0576
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0576", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "NVD", id: "CVE-2023-37374", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37374", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1574", }, ], trust: 0.7, }, cve: "CVE-2023-37374", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-56536", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-37374", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-37374", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37374", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-37374", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-37374", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-56536", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-727", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "CNNVD", id: "CNNVD-202307-727", }, { db: "NVD", id: "CVE-2023-37374", }, { db: "NVD", id: "CVE-2023-37374", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems", sources: [ { db: "NVD", id: "CVE-2023-37374", }, { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "VULMON", id: "CVE-2023-37374", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37374", trust: 4.6, }, { db: "SIEMENS", id: "SSA-764801", trust: 3.1, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021702", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21054", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1574", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-56536", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202307-727", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37374", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "VULMON", id: "CVE-2023-37374", }, { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "CNNVD", id: "CNNVD-202307-727", }, { db: "NVD", id: "CVE-2023-37374", }, ], }, id: "VAR-202307-0576", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-56536", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-56536", }, ], }, last_update_date: "2024-01-21T20:33:54.011000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation Stack Buffer Overflow Vulnerability (CNVD-2023-56536)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/443046", }, { title: "Siemens Tecnomatix Plant Simulation Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246650", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "CNNVD", id: "CNNVD-202307-727", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "NVD", id: "CVE-2023-37374", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37374", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37374/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "VULMON", id: "CVE-2023-37374", }, { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "CNNVD", id: "CNNVD-202307-727", }, { db: "NVD", id: "CVE-2023-37374", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1574", }, { db: "CNVD", id: "CNVD-2023-56536", }, { db: "VULMON", id: "CVE-2023-37374", }, { db: "JVNDB", id: "JVNDB-2023-021702", }, { db: "CNNVD", id: "CNNVD-202307-727", }, { db: "NVD", id: "CVE-2023-37374", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1574", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56536", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37374", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021702", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-727", }, { date: "2023-07-11T10:15:11.743000", db: "NVD", id: "CVE-2023-37374", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1574", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56536", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37374", }, { date: "2024-01-19T08:06:00", db: "JVNDB", id: "JVNDB-2023-021702", }, { date: "2023-07-19T00:00:00", db: "CNNVD", id: "CNNVD-202307-727", }, { date: "2023-07-18T14:53:37.517000", db: "NVD", id: "CVE-2023-37374", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202307-727", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021702", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202307-727", }, ], trust: 0.6, }, }
var-202310-0156
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0156", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "NVD", id: "CVE-2023-44086", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44086", }, ], }, cve: "CVE-2023-44086", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75582", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44086", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44086", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44086", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75582", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "NVD", id: "CVE-2023-44086", }, { db: "NVD", id: "CVE-2023-44086", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-44086", }, { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "CNVD", id: "CNVD-2023-75582", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44086", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-013981", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75582", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "NVD", id: "CVE-2023-44086", }, ], }, id: "VAR-202310-0156", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, ], }, last_update_date: "2023-12-23T22:07:01.289000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds read vulnerability (CNVD-2023-75582)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466676", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-125", trust: 1, }, { problemtype: "Out-of-bounds read (CWE-125) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "NVD", id: "CVE-2023-44086", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44086", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75582", }, { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "NVD", id: "CVE-2023-44086", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75582", }, { db: "JVNDB", id: "JVNDB-2023-013981", }, { db: "NVD", id: "CVE-2023-44086", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-13T00:00:00", db: "CNVD", id: "CNVD-2023-75582", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-013981", }, { date: "2023-10-10T11:15:12.817000", db: "NVD", id: "CVE-2023-44086", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75582", }, { date: "2023-12-22T05:15:00", db: "JVNDB", id: "JVNDB-2023-013981", }, { date: "2023-10-12T00:43:21.853000", db: "NVD", id: "CVE-2023-44086", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds read vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-013981", }, ], trust: 0.8, }, }
var-202307-0573
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0573", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "NVD", id: "CVE-2023-37375", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37375", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Simon Janz (@esj4y)", sources: [ { db: "ZDI", id: "ZDI-23-1573", }, ], trust: 0.7, }, cve: "CVE-2023-37375", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-56535", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-37375", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-37375", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37375", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-37375", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-37375", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-56535", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-726", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "CNNVD", id: "CNNVD-202307-726", }, { db: "NVD", id: "CVE-2023-37375", }, { db: "NVD", id: "CVE-2023-37375", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems", sources: [ { db: "NVD", id: "CVE-2023-37375", }, { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "VULMON", id: "CVE-2023-37375", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37375", trust: 4.6, }, { db: "SIEMENS", id: "SSA-764801", trust: 3.1, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021701", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21060", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1573", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-56535", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202307-726", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37375", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "VULMON", id: "CVE-2023-37375", }, { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "CNNVD", id: "CNNVD-202307-726", }, { db: "NVD", id: "CVE-2023-37375", }, ], }, id: "VAR-202307-0573", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-56535", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-56535", }, ], }, last_update_date: "2024-01-21T21:18:17.177000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation Stack Buffer Overflow Vulnerability (CNVD-2023-56535)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/443041", }, { title: "Siemens Tecnomatix Plant Simulation Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246649", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "CNNVD", id: "CNNVD-202307-726", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "NVD", id: "CVE-2023-37375", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37375", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37375/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "VULMON", id: "CVE-2023-37375", }, { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "CNNVD", id: "CNNVD-202307-726", }, { db: "NVD", id: "CVE-2023-37375", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1573", }, { db: "CNVD", id: "CNVD-2023-56535", }, { db: "VULMON", id: "CVE-2023-37375", }, { db: "JVNDB", id: "JVNDB-2023-021701", }, { db: "CNNVD", id: "CNNVD-202307-726", }, { db: "NVD", id: "CVE-2023-37375", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1573", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56535", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37375", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021701", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-726", }, { date: "2023-07-11T10:15:11.813000", db: "NVD", id: "CVE-2023-37375", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1573", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56535", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37375", }, { date: "2024-01-19T08:06:00", db: "JVNDB", id: "JVNDB-2023-021701", }, { date: "2023-07-19T00:00:00", db: "CNNVD", id: "CNNVD-202307-726", }, { date: "2023-07-18T14:55:14.487000", db: "NVD", id: "CVE-2023-37375", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202307-726", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021701", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202307-726", }, ], trust: 0.6, }, }
var-202310-0153
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0153", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "NVD", id: "CVE-2023-44083", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44083", }, ], }, cve: "CVE-2023-44083", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75585", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44083", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44083", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44083", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75585", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "NVD", id: "CVE-2023-44083", }, { db: "NVD", id: "CVE-2023-44083", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-44083", }, { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "CNVD", id: "CNVD-2023-75585", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44083", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-014036", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75585", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "NVD", id: "CVE-2023-44083", }, ], }, id: "VAR-202310-0153", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, ], }, last_update_date: "2023-12-23T22:06:57.902000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds write vulnerability (CNVD-2023-75585)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466661", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "NVD", id: "CVE-2023-44083", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44083", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75585", }, { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "NVD", id: "CVE-2023-44083", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75585", }, { db: "JVNDB", id: "JVNDB-2023-014036", }, { db: "NVD", id: "CVE-2023-44083", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-12T00:00:00", db: "CNVD", id: "CNVD-2023-75585", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-014036", }, { date: "2023-10-10T11:15:12.567000", db: "NVD", id: "CVE-2023-44083", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75585", }, { date: "2023-12-22T05:28:00", db: "JVNDB", id: "JVNDB-2023-014036", }, { date: "2023-10-12T00:42:31.957000", db: "NVD", id: "CVE-2023-44083", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-014036", }, ], trust: 0.8, }, }
var-202310-0150
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0150", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0003", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0009", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0003", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0009", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0003", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "NVD", id: "CVE-2023-44087", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44087", }, ], }, cve: "CVE-2023-44087", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-75581", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-44087", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-44087", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-44087", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-75581", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "NVD", id: "CVE-2023-44087", }, { db: "NVD", id: "CVE-2023-44087", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. Siemens' tecnomatix Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-44087", }, { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "CNVD", id: "CNVD-2023-75581", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44087", trust: 3.2, }, { db: "SIEMENS", id: "SSA-524778", trust: 2.4, }, { db: "JVN", id: "JVNVU98753493", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-23-285-10", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-013976", trust: 0.8, }, { db: "CNVD", id: "CNVD-2023-75581", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "NVD", id: "CVE-2023-44087", }, ], }, id: "VAR-202310-0150", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, ], }, last_update_date: "2023-12-23T22:06:57.980000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds read vulnerability (CNVD-2023-75581)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/466681", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-125", trust: 1, }, { problemtype: "Out-of-bounds read (CWE-125) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "NVD", id: "CVE-2023-44087", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98753493/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44087", }, { trust: 0.8, url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-10", }, { trust: 0.6, url: "https://cert-portal.siemens.com/productcert/html/ssa-524778.html", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-75581", }, { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "NVD", id: "CVE-2023-44087", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-75581", }, { db: "JVNDB", id: "JVNDB-2023-013976", }, { db: "NVD", id: "CVE-2023-44087", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-13T00:00:00", db: "CNVD", id: "CNVD-2023-75581", }, { date: "2023-12-22T00:00:00", db: "JVNDB", id: "JVNDB-2023-013976", }, { date: "2023-10-10T11:15:12.893000", db: "NVD", id: "CVE-2023-44087", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "CNVD", id: "CNVD-2023-75581", }, { date: "2023-12-22T05:15:00", db: "JVNDB", id: "JVNDB-2023-013976", }, { date: "2023-10-12T00:43:13.640000", db: "NVD", id: "CVE-2023-44087", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds read vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-013976", }, ], trust: 0.8, }, }
var-202308-0003
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0003", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "NVD", id: "CVE-2023-38681", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-38681", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1571", }, ], trust: 0.7, }, cve: "CVE-2023-38681", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-71239", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-38681", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-38681", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-38681", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-38681", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-38681", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-71239", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "NVD", id: "CVE-2023-38681", }, { db: "NVD", id: "CVE-2023-38681", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. Siemens Tecnomatix Plant Simulation is an industrial control equipment from Germany's Siemens. Improve manufacturing system performance by leveraging the power of discrete event simulation for throughput analysis and optimization", sources: [ { db: "NVD", id: "CVE-2023-38681", }, { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, { db: "VULMON", id: "CVE-2023-38681", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-38681", trust: 4, }, { db: "SIEMENS", id: "SSA-764801", trust: 2.5, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021427", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21270", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1571", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-71239", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-38681", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, { db: "VULMON", id: "CVE-2023-38681", }, { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "NVD", id: "CVE-2023-38681", }, ], }, id: "VAR-202308-0003", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-71239", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-71239", }, ], }, last_update_date: "2024-01-20T19:35:56.174000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation out-of-bounds write vulnerability (CNVD-2023-71239)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/463441", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "NVD", id: "CVE-2023-38681", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-38681", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, { db: "VULMON", id: "CVE-2023-38681", }, { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "NVD", id: "CVE-2023-38681", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1571", }, { db: "CNVD", id: "CNVD-2023-71239", }, { db: "VULMON", id: "CVE-2023-38681", }, { db: "JVNDB", id: "JVNDB-2023-021427", }, { db: "NVD", id: "CVE-2023-38681", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1571", }, { date: "2023-09-22T00:00:00", db: "CNVD", id: "CNVD-2023-71239", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-38681", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021427", }, { date: "2023-08-08T10:15:16.783000", db: "NVD", id: "CVE-2023-38681", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1571", }, { date: "2023-09-21T00:00:00", db: "CNVD", id: "CNVD-2023-71239", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-38681", }, { date: "2024-01-19T05:42:00", db: "JVNDB", id: "JVNDB-2023-021427", }, { date: "2023-08-14T17:17:23.383000", db: "NVD", id: "CVE-2023-38681", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021427", }, ], trust: 0.8, }, }
var-202307-0575
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0575", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "NVD", id: "CVE-2023-37247", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37247", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1556", }, ], trust: 0.7, }, cve: "CVE-2023-37247", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-56538", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-37247", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-37247", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37247", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-37247", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-37247", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-56538", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-728", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "CNNVD", id: "CNNVD-202307-728", }, { db: "NVD", id: "CVE-2023-37247", }, { db: "NVD", id: "CVE-2023-37247", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems", sources: [ { db: "NVD", id: "CVE-2023-37247", }, { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "VULMON", id: "CVE-2023-37247", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37247", trust: 4.6, }, { db: "SIEMENS", id: "SSA-764801", trust: 3.1, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021710", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21138", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1556", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-56538", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202307-728", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37247", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "VULMON", id: "CVE-2023-37247", }, { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "CNNVD", id: "CNNVD-202307-728", }, { db: "NVD", id: "CVE-2023-37247", }, ], }, id: "VAR-202307-0575", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-56538", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-56538", }, ], }, last_update_date: "2024-01-21T22:09:50.846000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation Heap Buffer Overflow Vulnerability (CNVD-2023-56538)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/443056", }, { title: "Siemens Tecnomatix Plant Simulation Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246651", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "CNNVD", id: "CNNVD-202307-728", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "NVD", id: "CVE-2023-37247", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37247", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37247/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "VULMON", id: "CVE-2023-37247", }, { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "CNNVD", id: "CNNVD-202307-728", }, { db: "NVD", id: "CVE-2023-37247", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1556", }, { db: "CNVD", id: "CNVD-2023-56538", }, { db: "VULMON", id: "CVE-2023-37247", }, { db: "JVNDB", id: "JVNDB-2023-021710", }, { db: "CNNVD", id: "CNNVD-202307-728", }, { db: "NVD", id: "CVE-2023-37247", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "ZDI", id: "ZDI-23-1556", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56538", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37247", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021710", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-728", }, { date: "2023-07-11T10:15:11.617000", db: "NVD", id: "CVE-2023-37247", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "ZDI", id: "ZDI-23-1556", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56538", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37247", }, { date: "2024-01-19T08:06:00", db: "JVNDB", id: "JVNDB-2023-021710", }, { date: "2023-07-19T00:00:00", db: "CNNVD", id: "CNNVD-202307-728", }, { date: "2023-07-18T15:02:30.907000", db: "NVD", id: "CVE-2023-37247", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202307-728", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021710", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202307-728", }, ], trust: 0.6, }, }
var-202308-0004
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202308-0004", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1572", }, { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "NVD", id: "CVE-2023-38679", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-38679", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Simon Janz (@esj4y)", sources: [ { db: "ZDI", id: "ZDI-23-1572", }, ], trust: 0.7, }, cve: "CVE-2023-38679", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-38679", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-38679", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-38679", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-38679", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-38679", trust: 0.7, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1572", }, { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "NVD", id: "CVE-2023-38679", }, { db: "NVD", id: "CVE-2023-38679", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure", sources: [ { db: "NVD", id: "CVE-2023-38679", }, { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "ZDI", id: "ZDI-23-1572", }, { db: "VULMON", id: "CVE-2023-38679", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-38679", trust: 3.4, }, { db: "SIEMENS", id: "SSA-764801", trust: 1.9, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021425", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21106", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1572", trust: 0.7, }, { db: "VULMON", id: "CVE-2023-38679", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1572", }, { db: "VULMON", id: "CVE-2023-38679", }, { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "NVD", id: "CVE-2023-38679", }, ], }, id: "VAR-202308-0004", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.420371905, }, last_update_date: "2024-01-20T20:38:28.048000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1572", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "NVD", id: "CVE-2023-38679", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-38679", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1572", }, { db: "VULMON", id: "CVE-2023-38679", }, { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "NVD", id: "CVE-2023-38679", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1572", }, { db: "VULMON", id: "CVE-2023-38679", }, { db: "JVNDB", id: "JVNDB-2023-021425", }, { db: "NVD", id: "CVE-2023-38679", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1572", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-38679", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021425", }, { date: "2023-08-08T10:15:16.583000", db: "NVD", id: "CVE-2023-38679", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-19T00:00:00", db: "ZDI", id: "ZDI-23-1572", }, { date: "2023-08-08T00:00:00", db: "VULMON", id: "CVE-2023-38679", }, { date: "2024-01-19T05:42:00", db: "JVNDB", id: "JVNDB-2023-021425", }, { date: "2023-08-14T17:15:25.983000", db: "NVD", id: "CVE-2023-38679", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021425", }, ], trust: 0.8, }, }
var-202307-0574
Vulnerability from variot
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0574", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2302.0002", }, { model: "tecnomatix", scope: "lt", trust: 1, vendor: "siemens", version: "2201.0008", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2201", }, { model: "tecnomatix", scope: "gte", trust: 1, vendor: "siemens", version: "2302", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2302 that's all 2302.0002", }, { model: "tecnomatix", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "2201 that's all 2201.0008", }, { model: "tecnomatix", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "tecnomatix plant simulation", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2201<v2201.0008", }, { model: "tecnomatix plant simulation", scope: "eq", trust: 0.6, vendor: "siemens", version: "v2302<v2302.0002", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "NVD", id: "CVE-2023-37248", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37248", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Anonymous", sources: [ { db: "ZDI", id: "ZDI-23-1558", }, ], trust: 0.7, }, cve: "CVE-2023-37248", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2023-56537", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-37248", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2023-37248", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37248", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2023-37248", trust: 1, value: "HIGH", }, { author: "ZDI", id: "CVE-2023-37248", trust: 0.7, value: "HIGH", }, { author: "CNVD", id: "CNVD-2023-56537", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-729", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "CNNVD", id: "CNNVD-202307-729", }, { db: "NVD", id: "CVE-2023-37248", }, { db: "NVD", id: "CVE-2023-37248", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155). Siemens' tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files. Siemens Tecnomatix Plant Simulation is an industrial control device of Siemens, Germany. It uses discrete event simulation to analyze and optimize production volume, thereby improving the performance of manufacturing systems", sources: [ { db: "NVD", id: "CVE-2023-37248", }, { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "VULMON", id: "CVE-2023-37248", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37248", trust: 4.6, }, { db: "SIEMENS", id: "SSA-764801", trust: 3.1, }, { db: "JVN", id: "JVNVU95292697", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2023-021709", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-21155", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-1558", trust: 0.7, }, { db: "CNVD", id: "CNVD-2023-56537", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202307-729", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37248", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "VULMON", id: "CVE-2023-37248", }, { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "CNNVD", id: "CNNVD-202307-729", }, { db: "NVD", id: "CVE-2023-37248", }, ], }, id: "VAR-202307-0574", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-56537", }, ], trust: 1.020371905, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-56537", }, ], }, last_update_date: "2024-01-21T22:12:37.094000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { title: "Patch for Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-56537)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/443051", }, { title: "Siemens Tecnomatix Plant Simulation Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246652", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "CNNVD", id: "CNNVD-202307-729", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "NVD", id: "CVE-2023-37248", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { trust: 1.3, url: "https://cert-portal.siemens.com/productcert/html/ssa-764801.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu95292697/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37248", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37248/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "VULMON", id: "CVE-2023-37248", }, { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "CNNVD", id: "CNNVD-202307-729", }, { db: "NVD", id: "CVE-2023-37248", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-23-1558", }, { db: "CNVD", id: "CNVD-2023-56537", }, { db: "VULMON", id: "CVE-2023-37248", }, { db: "JVNDB", id: "JVNDB-2023-021709", }, { db: "CNNVD", id: "CNNVD-202307-729", }, { db: "NVD", id: "CVE-2023-37248", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "ZDI", id: "ZDI-23-1558", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56537", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37248", }, { date: "2024-01-19T00:00:00", db: "JVNDB", id: "JVNDB-2023-021709", }, { date: "2023-07-11T00:00:00", db: "CNNVD", id: "CNNVD-202307-729", }, { date: "2023-07-11T10:15:11.680000", db: "NVD", id: "CVE-2023-37248", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-11T00:00:00", db: "ZDI", id: "ZDI-23-1558", }, { date: "2023-07-17T00:00:00", db: "CNVD", id: "CNVD-2023-56537", }, { date: "2023-07-11T00:00:00", db: "VULMON", id: "CVE-2023-37248", }, { date: "2024-01-19T08:06:00", db: "JVNDB", id: "JVNDB-2023-021709", }, { date: "2023-07-19T00:00:00", db: "CNNVD", id: "CNNVD-202307-729", }, { date: "2023-07-18T15:03:03.557000", db: "NVD", id: "CVE-2023-37248", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202307-729", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens' tecnomatix Out-of-bounds write vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2023-021709", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202307-729", }, ], trust: 0.6, }, }
cve-2023-44086
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:11.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44086", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:14.688729Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:12.805Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:39.731Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44086", datePublished: "2023-10-10T10:21:39.731Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:12.805Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45601
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2024-09-19 14:07
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V35.0 |
Version: All versions < V35.0.262 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:21:16.597Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45601", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T14:07:38.593206Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T14:07:50.300Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.262", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.250", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V36.0.169", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:47.253Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-45601", datePublished: "2023-10-10T10:21:47.253Z", dateReserved: "2023-10-09T09:36:15.785Z", dateUpdated: "2024-09-19T14:07:50.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38680
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38680", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:18:33.968086Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:18:43.701Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:22.373Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38680", datePublished: "2023-08-08T09:20:45.202Z", dateReserved: "2023-07-24T09:52:57.445Z", dateUpdated: "2024-10-11T13:18:43.701Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37247
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 17:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:32.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37247", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T17:05:01.820528Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T17:05:21.064Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:08.515Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37247", datePublished: "2023-07-11T09:07:24.367Z", dateReserved: "2023-06-29T13:22:36.408Z", dateUpdated: "2024-11-08T17:05:21.064Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45204
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2024-09-18 18:44
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:14:20.061Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45204", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T18:43:33.428433Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T18:44:39.869Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-704", description: "CWE-704: Incorrect Type Conversion or Cast", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:44.994Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-45204", datePublished: "2023-10-10T10:21:44.994Z", dateReserved: "2023-10-05T15:37:13.907Z", dateUpdated: "2024-09-18T18:44:39.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44084
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:11.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44084", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:17.107801Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:25.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:36.220Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44084", datePublished: "2023-10-10T10:21:36.220Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:25.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37246
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 17:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T17:10:15.367660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T17:10:22.170Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:07.501Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37246", datePublished: "2023-07-11T09:07:23.336Z", dateReserved: "2023-06-29T13:22:36.408Z", dateUpdated: "2024-11-08T17:10:22.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37375
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-07 19:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37375", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T19:24:45.999048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T19:25:06.960Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:11.573Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37375", datePublished: "2023-07-11T09:07:27.503Z", dateReserved: "2023-07-03T13:24:27.346Z", dateUpdated: "2024-11-07T19:25:06.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37374
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 16:59
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37374", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T16:59:42.616277Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T16:59:50.279Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:10.553Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37374", datePublished: "2023-07-11T09:07:26.462Z", dateReserved: "2023-07-03T13:24:27.345Z", dateUpdated: "2024-11-08T16:59:50.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38679
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:51
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38679", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:51:35.961319Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:51:47.510Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:21.363Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38679", datePublished: "2023-08-08T09:20:44.162Z", dateReserved: "2023-07-24T09:52:57.445Z", dateUpdated: "2024-10-11T13:51:47.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41846
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-09-26 14:12
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:09:49.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41846", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:12:12.847807Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:12:24.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:36.000Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-41846", datePublished: "2023-09-12T09:32:36.000Z", dateReserved: "2023-09-04T08:59:29.324Z", dateUpdated: "2024-09-26T14:12:24.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44083
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44083", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:18.395402Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:31.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:34.659Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44083", datePublished: "2023-10-10T10:21:34.659Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:31.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44082
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44082", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:19.981746Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:39.822Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:32.863Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44082", datePublished: "2023-10-10T10:21:32.863Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:39.822Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37248
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-08 17:00
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:33.120Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37248", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T17:00:16.648033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T17:00:28.083Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:09.541Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37248", datePublished: "2023-07-11T09:07:25.432Z", dateReserved: "2023-06-29T13:25:52.761Z", dateUpdated: "2024-11-08T17:00:28.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44085
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44085", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:15.878313Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:19.821Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:38.664Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44085", datePublished: "2023-10-10T10:21:38.664Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:19.821Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38681
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38681", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:18:05.452383Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:18:14.715Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:23.381Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38681", datePublished: "2023-08-08T09:20:46.256Z", dateReserved: "2023-07-24T09:52:57.446Z", dateUpdated: "2024-10-11T13:18:14.715Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44081
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:11.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44081", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:21.197919Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:48.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:31.775Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44081", datePublished: "2023-10-10T10:21:31.775Z", dateReserved: "2023-09-25T08:18:20.817Z", dateUpdated: "2025-02-27T20:45:48.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44087
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:45
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0009 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:52:12.030Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44087", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:12.487618Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:45:06.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0009", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0003", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T10:21:40.787Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-44087", datePublished: "2023-10-10T10:21:40.787Z", dateReserved: "2023-09-25T08:18:20.818Z", dateUpdated: "2025-02-27T20:45:06.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37376
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-07 17:59
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Tecnomatix Plant Simulation V2201 |
Version: All versions < V2201.0008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37376", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T17:59:41.050136Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T17:59:55.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0008", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0002", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T09:32:12.593Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-37376", datePublished: "2023-07-11T09:07:28.531Z", dateReserved: "2023-07-03T13:24:27.346Z", dateUpdated: "2024-11-07T17:59:55.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLa aplicación afectada contiene una escritura fuera de límites más allá del final de un búfer asignado mientras analiza un archivo SPP especialmente manipulado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44082", lastModified: "2024-11-21T08:25:11.950", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.487", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLas aplicaciones afectadas contienen una lectura fuera de límites más allá del final de una estructura asignada mientras analizan archivos SPP especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44086", lastModified: "2024-11-21T08:25:12.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.817", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)", }, ], id: "CVE-2023-37375", lastModified: "2024-11-21T08:11:36.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.813", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)", }, ], id: "CVE-2023-37248", lastModified: "2024-11-21T08:11:18.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.680", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLa aplicación afectada contiene una escritura fuera de límites más allá del final de un búfer asignado mientras analiza un archivo SPP especialmente manipulado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44083", lastModified: "2024-11-21T08:25:12.070", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.567", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLas aplicaciones afectadas contienen una vulnerabilidad de confusión de tipos al analizar archivos IGS especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. (ZDI-CAN-21268)", }, ], id: "CVE-2023-45204", lastModified: "2024-11-21T08:26:32.767", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:13.080", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-704", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 10:15
Modified
2024-11-21 08:21
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0008), Tecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0002). La aplicación afectada es vulnerable a la corrupción de la memoria al analizar archivos SPP especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-41846", lastModified: "2024-11-21T08:21:47.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-12T10:15:29.880", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)", }, ], id: "CVE-2023-37247", lastModified: "2024-11-21T08:11:18.103", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.617", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLas aplicaciones afectadas contienen una lectura fuera de límites más allá del final de una estructura asignada mientras analizan archivos SPP especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44085", lastModified: "2024-11-21T08:25:12.327", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.737", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)", }, ], id: "CVE-2023-37376", lastModified: "2024-11-21T08:11:36.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.877", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)", }, ], id: "CVE-2023-37374", lastModified: "2024-11-21T08:11:36.350", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.743", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLas aplicaciones afectadas contienen una lectura fuera de límites más allá del final de una estructura asignada mientras analizan archivos SPP especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44084", lastModified: "2024-11-21T08:25:12.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.650", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)", }, ], id: "CVE-2023-37246", lastModified: "2024-11-21T08:11:17.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-11T10:15:11.550", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLas aplicaciones afectadas contienen una lectura fuera de límites más allá del final de una estructura asignada mientras analizan archivos SPP especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44087", lastModified: "2024-11-21T08:25:12.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.893", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-08 10:15
Modified
2024-11-21 08:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones inferiores a V2201.0008), Tecnomatix Plant Simulation V2302 (Todas las versiones inferiores a V2302.0002). La aplicación afectada contiene una escritura fuera de límites más allá del final de un búfer asignado mientras analiza un archivo SPP especialmente diseñado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. (ZDI-CAN-21106)", }, ], id: "CVE-2023-38679", lastModified: "2024-11-21T08:14:02.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-08T10:15:16.583", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-08 10:15
Modified
2024-11-21 08:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones inferiores a V2201.0008), Tecnomatix Plant Simulation V2302 (Todas las versiones inferiores a V2302.0002). La aplicación afectada contiene una escritura fuera de límites más allá del final de un búfer asignado mientras analiza un archivo SPP especialmente diseñado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. (ZDI-CAN-21132)", }, ], id: "CVE-2023-38680", lastModified: "2024-11-21T08:14:02.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-08T10:15:16.677", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-08 10:15
Modified
2024-11-21 08:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8C9093-BD78-4ECE-9221-A889371B3839", versionEndExcluding: "2201.0008", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C7103507-EE73-42FF-9DAB-37DD06467591", versionEndExcluding: "2302.0002", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2201 (Todas las versiones inferiores a V2201.0008), Tecnomatix Plant Simulation V2302 (Todas las versiones inferiores a V2302.0002). La aplicación afectada contiene una escritura fuera de límites más allá del final de un búfer asignado mientras analiza un archivo IGS especialmente diseñado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. (ZDI-CAN-21270)", }, ], id: "CVE-2023-38681", lastModified: "2024-11-21T08:14:02.413", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-08T10:15:16.783", references: [ { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:25
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en: \nTecnomatix Plant Simulation V2201 (Todas las versiones < V2201.0009),\nTecnomatix Plant Simulation V2302 (Todas las versiones < V2302.0003). \nLa aplicación afectada contiene una escritura fuera de límites más allá del final de un búfer asignado mientras analiza un archivo SPP especialmente manipulado. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual.", }, ], id: "CVE-2023-44081", lastModified: "2024-11-21T08:25:11.823", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:12.403", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 11:15
Modified
2024-11-21 08:27
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | parasolid | * | |
| siemens | parasolid | * | |
| siemens | parasolid | * | |
| siemens | tecnomatix | * | |
| siemens | tecnomatix | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", matchCriteriaId: "1C96074D-757B-4A3F-8B04-504D52DBE0EE", versionEndExcluding: "35.0.262", versionStartIncluding: "35.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", matchCriteriaId: "78258279-F7F6-4057-8AE2-AF64387B04BB", versionEndExcluding: "35.1.250", versionStartIncluding: "35.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", matchCriteriaId: "97086FB9-6392-4B6D-8CD4-EA780AE4DD05", versionEndExcluding: "36.0.169", versionStartIncluding: "36.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCC6F17-BB3D-4FD0-B277-5DD86EB4C9F7", versionEndExcluding: "2201.0009", versionStartIncluding: "2201", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:tecnomatix:*:*:*:*:*:*:*:*", matchCriteriaId: "C29307AD-B728-41D3-9D57-FD5D1D51ACFA", versionEndExcluding: "2302.0003", versionStartIncluding: "2302", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Parasolid V35.0 (Todas las versiones < V35.0.262), \nParasolid V35.1 (Todas las versiones < V35.1.250), \nParasolid V36.0 (Todas las versiones < V36.0.169), \nTecnomatix Plant Simulation V2201 ( Todas las versiones < V2201.0009),\nTecnomatix Plant Simulator V2302 (Todas las versiones < V2302.0003). \nLas aplicaciones afectadas contienen una vulnerabilidad de desbordamiento de pila al analizar archivos IGS especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. (ZDI-CAN-21290)", }, ], id: "CVE-2023-45601", lastModified: "2024-11-21T08:27:02.457", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T11:15:13.247", references: [ { source: "productcert@siemens.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "productcert@siemens.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }