Lucene search

SiemensCVE-2022-47967

HistoryJan 10, 2023 - 12:15 p.m.

CVE-2022-47967

2023-01-1012:15:23

CWE-119

CWE-787

siemens

web.nvd.nist.gov

vulnerability

solid edge

docmgmt.dll

cve-2022-47967

memory corruption

code execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.1%

JSON

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.

Affected configurations

Nvd

Node

siemenssolid_edgeRange<se2023

siemenssolid_edgeMatchse2023-

VendorProductVersionCPE
siemenssolid_edge*cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*
siemenssolid_edgese2023cpe:2.3:a:siemens:solid_edge:se2023:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	solid_edge	*	cpe:2.3:a:siemens:solid_edge::::::::
siemens	solid_edge	se2023	cpe:2.3:a:siemens:solid_edge:se2023:-::::::

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Solid Edge",
    "versions": [
      {
        "version": "All versions < V2023 MP1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-997779.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.1%

JSON

Related for CVE-2022-47967