gsd - gsd-2024-26276

gsd-2024-26276

Vulnerability from gsd

Modified

2024-02-16 06:02

Details

A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Aliases

CVE-2024-26276

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-26276"
      ],
      "details": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.",
      "id": "GSD-2024-26276",
      "modified": "2024-02-16T06:02:27.245581Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2024-26276",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Parasolid V35.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "V35.1.254"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Parasolid V36.0",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "V36.0.207"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Parasolid V36.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "V36.1.147"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-770",
                "lang": "eng",
                "value": "CWE-770: Allocation of Resources Without Limits or Throttling"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
          }
        ],
        "id": "CVE-2024-26276",
        "lastModified": "2024-04-09T12:48:04.090",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 1.4,
              "source": "productcert@siemens.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-04-09T09:15:24.457",
        "references": [
          {
            "source": "productcert@siemens.com",
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-770"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

cve-2024-26276

Vulnerability from cvelistv5

Published

2024-04-09 08:34

Modified

2024-08-13 07:54

Severity

3.3 (Low) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - cvssV4_0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Summary

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

References

URL	Tags
https://cert-portal.siemens.com/productcert/html/ssa-222019.html
https://cert-portal.siemens.com/productcert/html/ssa-771940.html

Impacted products

Vendor	Product
Siemens	JT2Go
Siemens	Parasolid V35.1
Siemens	Parasolid V36.0
Siemens	Parasolid V36.1
Siemens	Teamcenter Visualization V14.2
Siemens	Teamcenter Visualization V14.3
Siemens	Teamcenter Visualization V2312

Show details on NVD website