CVE-2023-41032

2023-09-1210:15:29

CWE-787

siemens

web.nvd.nist.gov

vulnerability

parasolid

simcenter femap

code execution

cve-2023-41032

security issue

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.3%

JSON

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)

Affected configurations

Nvd

Node

siemensparasolidRange34.1–34.1.258

siemensparasolidRange35.0–35.0.253

siemensparasolidRange35.1–35.1.184

siemensparasolidRange36.0–36.0.142

siemenssimcenter_femapRange2301.0–2301.0003

siemenssimcenter_femapRange2306.0–2306.0001

VendorProductVersionCPE
siemensparasolid*cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*
siemenssimcenter_femap*cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	parasolid	*	cpe:2.3:a:siemens:parasolid::::::::
siemens	simcenter_femap	*	cpe:2.3:a:siemens:simcenter_femap::::::::

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Parasolid V34.1",
    "versions": [
      {
        "version": "All versions < V34.1.258",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.0",
    "versions": [
      {
        "version": "All versions < V35.0.253",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.1",
    "versions": [
      {
        "version": "All versions < V35.1.184",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V36.0",
    "versions": [
      {
        "version": "All versions < V36.0.142",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Simcenter Femap V2301",
    "versions": [
      {
        "version": "All versions < V2301.0003",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Simcenter Femap V2306",
    "versions": [
      {
        "version": "All versions < V2306.0001",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]