CVE-2023-41033

12.09.2023, 10:15

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemens	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Vendor	Product	Version
siemens	parasolid	35.0 ≤ 𝑥 < 35.0.260
siemens	parasolid	35.1 ≤ 𝑥 < 35.1.246
siemens	parasolid	36.0 ≤ 𝑥 < 36.0.156
siemens	simcenter_femap	2301.0 ≤ 𝑥 < 2301.0003
siemens	simcenter_femap	2306.0 ≤ 𝑥 < 2306.0001

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf