CVE-2023-49125

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemensCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
siemensparasolid
35.0 ≤
𝑥
< 35.0.263
siemensparasolid
35.1 ≤
𝑥
< 35.1.252
siemensparasolid
36.0 ≤
𝑥
< 36.0.198
siemenssolid_edge_se2023
𝑥
< 223.0
siemenssolid_edge_se2023
223.0:update_0001
siemenssolid_edge_se2023
223.0:update_0002
siemenssolid_edge_se2023
223.0:update_0003
siemenssolid_edge_se2023
223.0:update_0004
siemenssolid_edge_se2023
223.0:update_0005
siemenssolid_edge_se2023
223.0:update_0006
siemenssolid_edge_se2023
223.0:update_0007
siemenssolid_edge_se2023
223.0:update_0008
siemenssolid_edge_se2023
223.0:update_0009
siemenssolid_edge_se2023
223.0:update_0010
siemenssolid_edge_se2024
𝑥
< 224.0
siemenssolid_edge_se2024
224.0:update_0001
siemenssolid_edge_se2024
224.0:update_0002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-382651.html
https://cert-portal.siemens.com/productcert/html/ssa-797296.html
https://cert-portal.siemens.com/productcert/html/ssa-382651.html
https://cert-portal.siemens.com/productcert/html/ssa-797296.html