CVE-2023-45601

10.10.2023, 11:15

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemens	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Vendor	Product	Version
siemens	parasolid	35.0 ≤ 𝑥 < 35.0.262
siemens	parasolid	35.1 ≤ 𝑥 < 35.1.250
siemens	parasolid	36.0 ≤ 𝑥 < 36.0.169
siemens	tecnomatix	2201 ≤ 𝑥 < 2201.0009
siemens	tecnomatix	2302 ≤ 𝑥 < 2302.0003

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf