Lucene search

SiemensCVE-2023-49132

HistoryJan 09, 2024 - 10:15 a.m.

CVE-2023-49132

2024-01-0910:15:19

CWE-824

siemens

web.nvd.nist.gov

cve-2023-49132

solid edge se2023

vulnerability

code execution

par files

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.1%

JSON

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Affected configurations

Nvd

Node

siemenssolid_edge_se2023Range<223.0

siemenssolid_edge_se2023Match223.0-

siemenssolid_edge_se2023Match223.0update_0001

siemenssolid_edge_se2023Match223.0update_0002

siemenssolid_edge_se2023Match223.0update_0003

siemenssolid_edge_se2023Match223.0update_0004

siemenssolid_edge_se2023Match223.0update_0005

siemenssolid_edge_se2023Match223.0update_0006

siemenssolid_edge_se2023Match223.0update_0007

siemenssolid_edge_se2023Match223.0update_0008

siemenssolid_edge_se2023Match223.0update_0009

VendorProductVersionCPE
siemenssolid_edge_se2023*cpe:2.3:a:siemens:solid_edge_se2023:*:*:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:-:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0001:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0002:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0003:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0004:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0005:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0006:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0007:*:*:*:*:*:*
siemenssolid_edge_se2023223.0cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0008:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	solid_edge_se2023	*	cpe:2.3:a:siemens:solid_edge_se2023::::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:-::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0001::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0002::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0003::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0004::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0005::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0006::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0007::::::
siemens	solid_edge_se2023	223.0	cpe:2.3:a:siemens:solid_edge_se2023:223.0:update_0008::::::

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Solid Edge SE2023",
    "versions": [
      {
        "version": "All versions < V223.0 Update 10",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.1%

JSON

Related for CVE-2023-49132