Lucene search

SiemensCVELIST:CVE-2023-38532

HistoryAug 08, 2023 - 9:20 a.m.

CVE-2023-38532

2023-08-0809:20:41

CWE-770

siemens

www.cve.org

vulnerability

parasolid

teamcenter visualization

stack exhaustion

x_t file

denial of service

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

EPSS

0.001

Percentile

20.6%

JSON

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Parasolid V34.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V34.1.258",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.0",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V35.0.254",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V35.1.171",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V14.1.0.11",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V14.2.0.6",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V14.3.0.3",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-407785.html

cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

EPSS

0.001

Percentile

20.6%

JSON

Related for CVELIST:CVE-2023-38532