GSD-2023-49124
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-49124",
"id": "GSD-2023-49124"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-49124"
],
"details": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.",
"id": "GSD-2023-49124",
"modified": "2023-12-13T01:20:34.890429Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2023-49124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2023",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V223.0 Update 10"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-125",
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6708C521-2523-4FFE-8D66-01386DF0FAAF",
"versionEndExcluding": "223.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E0ADA2C0-4AA2-4FDB-AB71-2C905106A68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0001:*:*:*:*:*:*",
"matchCriteriaId": "619B13A0-ADF3-4CC9-A5BD-6C99AE369D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0002:*:*:*:*:*:*",
"matchCriteriaId": "E4C4B3EA-853A-4C75-AA5F-319E2802A722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0003:*:*:*:*:*:*",
"matchCriteriaId": "28C04B66-7E6F-49E6-B7A9-E7357ADE5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0004:*:*:*:*:*:*",
"matchCriteriaId": "99A72C67-00A3-499A-9DDC-73AD29672A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0005:*:*:*:*:*:*",
"matchCriteriaId": "9C7B34D6-925F-4DB9-8418-962F35FE11C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0006:*:*:*:*:*:*",
"matchCriteriaId": "211C7830-D4B9-4315-BDE8-F108FF6A609C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0007:*:*:*:*:*:*",
"matchCriteriaId": "52647713-2F45-4D35-B31A-5BB2E15175EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0008:*:*:*:*:*:*",
"matchCriteriaId": "4378378B-BAEA-4200-9336-936835322DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0009:*:*:*:*:*:*",
"matchCriteriaId": "57968030-2B5F-41C1-B8B4-2405C84E3A06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
}
],
"id": "CVE-2023-49124",
"lastModified": "2024-01-10T20:29:11.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2024-01-09T10:15:17.693",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…