gsd-2023-49128
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.
Aliases
Aliases
CVE-2023-49128


To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-49128",
    "id": "GSD-2023-49128"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49128"
      ],
      "details": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.",
      "id": "GSD-2023-49128",
      "modified": "2023-12-13T01:20:35.026076Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2023-49128",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Solid Edge SE2023",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V223.0 Update 10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-787",
                "lang": "eng",
                "value": "CWE-787: Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6708C521-2523-4FFE-8D66-01386DF0FAAF",
                    "versionEndExcluding": "223.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "E0ADA2C0-4AA2-4FDB-AB71-2C905106A68F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0001:*:*:*:*:*:*",
                    "matchCriteriaId": "619B13A0-ADF3-4CC9-A5BD-6C99AE369D43",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0002:*:*:*:*:*:*",
                    "matchCriteriaId": "E4C4B3EA-853A-4C75-AA5F-319E2802A722",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0003:*:*:*:*:*:*",
                    "matchCriteriaId": "28C04B66-7E6F-49E6-B7A9-E7357ADE5936",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0004:*:*:*:*:*:*",
                    "matchCriteriaId": "99A72C67-00A3-499A-9DDC-73AD29672A08",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0005:*:*:*:*:*:*",
                    "matchCriteriaId": "9C7B34D6-925F-4DB9-8418-962F35FE11C6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0006:*:*:*:*:*:*",
                    "matchCriteriaId": "211C7830-D4B9-4315-BDE8-F108FF6A609C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0007:*:*:*:*:*:*",
                    "matchCriteriaId": "52647713-2F45-4D35-B31A-5BB2E15175EF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0008:*:*:*:*:*:*",
                    "matchCriteriaId": "4378378B-BAEA-4200-9336-936835322DF6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0009:*:*:*:*:*:*",
                    "matchCriteriaId": "57968030-2B5F-41C1-B8B4-2405C84E3A06",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions \u003c V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process."
          },
          {
            "lang": "es",
            "value": "Se ha identificado una vulnerabilidad en Solid Edge SE2023 (todas las versiones "
          }
        ],
        "id": "CVE-2023-49128",
        "lastModified": "2024-01-10T20:28:33.693",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "productcert@siemens.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-09T10:15:18.520",
        "references": [
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.