Xina1I

**Name of the Vulnerable Software and Affected Versions** Windows GDI (affected versions not specified) **Description** An out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose sensitive information locally and affect the system. An out-of-bounds read occurs when a program reads data past the end, or before the beginning, of the intended buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows GDI (affected versions not specified) **Description** An out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose sensitive information locally and affect the system. An out-of-bounds read occurs when a program reads data past the end of the intended buffer, potentially accessing memory it should not. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows GDI+ (affected versions not specified) **Description** A flaw exists in Windows GDI+ that could allow an unauthorized attacker to cause a denial-of-service condition over a network. This issue allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Parasolid versions prior to V34.1.258 Parasolid versions prior to V35.0.253 Parasolid versions prior to V35.1.184 Parasolid versions prior to V36.0.142 Simcenter Femap versions prior to V2301.0003 Simcenter Femap versions prior to V2306.0001 **Description** The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X T files. This could allow an attacker to execute code in the context of the current process. The vulnerability is related to a buffer overflow in memory, which can be exploited by an attacker using specially crafted files. **Recommendations** For Parasolid versions prior to V34.1.258, update to version V34.1.258 or later. For Parasolid versions prior to V35.0.253, update to version V35.0.253 or later. For Parasolid versions prior to V35.1.184, update to version V35.1.184 or later. For Parasolid versions prior to V36.0.142, update to version V36.0.142 or later. For Simcenter Femap versions prior to V2301.0003, update to version V2301.0003 or later. For Simcenter Femap versions prior to V2306.0001, update to version V2306.0001 or later. As a temporary workaround, consider restricting the use of X T files until a patch is available. Avoid using specially crafted X T files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OMRON CX-Programmer versions 9.78 and prior **Description** The issue is related to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. This vulnerability is associated with the possibility of writing beyond the buffer boundaries in memory, potentially enabling an attacker to execute arbitrary code. **Recommendations** For OMRON CX-Programmer versions 9.78 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Programmer versions 9.78 and prior **Description** The issue is related to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. This is due to a buffer overflow vulnerability in the CX-P.exe executable file, allowing an attacker to potentially execute arbitrary code. **Recommendations** For Omron CX-Programmer versions 9.78 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMRON CX-Programmer versions 9.78 and prior **Description** The issue is related to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. This is due to a buffer overflow vulnerability in the CX-P.exe executable file of the OMRON CX-Programmer software, allowing an attacker to potentially execute arbitrary code. **Recommendations** For OMRON CX-Programmer versions 9.78 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered in the parsing of FBX files, which can force an out-of-bounds read when an affected version of MicroStation or MicroStation-based application is used to open a crafted FBX file. This could enable an attacker to read information in the context of the current process. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. As a temporary workaround, consider avoiding the use of FBX files with affected versions of MicroStation or MicroStation-based applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered in the parsing of OBJ files, which can force an out-of-bounds read when an affected version of MicroStation or MicroStation-based application is used to open a crafted OBJ file. This could enable an attacker to read information in the context of the current process. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. As a temporary workaround, consider avoiding the use of OBJ files with affected versions of MicroStation or MicroStation-based applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered in the parsing of 3DS files, which can force an out-of-bounds read when using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data. This could enable an attacker to read information in the context of the current process. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. As a temporary workaround, consider avoiding the use of 3DS files in affected versions of MicroStation or MicroStation-based applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered in the parsing of JP2 files, which can force an out-of-bounds read when opening a JP2 file containing crafted data using an affected version of MicroStation or a MicroStation-based application. This could enable an attacker to read information in the context of the current process. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered in the affected software. Using an affected version to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of this issue within the parsing of IFC files could enable an attacker to read information in the context of the current process. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later. As a temporary workaround, consider avoiding the use of IFC files from untrusted sources until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered in the parsing of J2K files, which can force an out-of-bounds read when using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted data. This could enable an attacker to read information in the context of the current process. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. As a temporary workaround, consider avoiding the use of J2K files in affected versions of MicroStation or MicroStation-based applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bentley MicroStation versions prior to 10.17.0.x Bentley View versions prior to 10.17.0.x **Description** An issue was discovered that allows an out-of-bounds read when opening a DGN file containing crafted data with an affected version of MicroStation or a MicroStation-based application. This could enable an attacker to read information in the context of the current process during the parsing of DGN files. **Recommendations** For Bentley MicroStation versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue. For Bentley View versions prior to 10.17.0.x, update to version 10.17.0.x or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Position versions 2.5.3 and prior **Description** The issue is related to an out-of-bounds write in memory, which can be exploited to execute arbitrary code. This occurs while processing a specific project file. **Recommendations** For Omron CX-Position versions 2.5.3 and prior, update to a version later than 2.5.3 to resolve the issue. As a temporary workaround, consider restricting the processing of project files from untrusted sources until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Position versions 2.5.3 and prior **Description** The issue is related to memory corruption that occurs when processing a specific project file, potentially allowing an attacker to execute arbitrary code. This is due to a buffer overflow in memory when handling NCI files. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Omron CX-Position versions 2.5.3 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Position versions 2.5.3 and prior **Description** The issue is related to multiple stack-based buffer overflow conditions that occur while parsing a specific project file. This may allow an attacker to locally execute arbitrary code. The vulnerability is associated with the Omron CX-One software package, specifically the CX-Position component. **Recommendations** For Omron CX-Position versions 2.5.3 and prior, consider disabling the project file parsing functionality until a patch is available. As a temporary workaround, restrict the use of specific project files that may trigger the buffer overflow condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Omron CX-Position versions 2.5.3 and prior **Description** The issue is related to a use after free memory condition that occurs while processing a specific project file. This can potentially allow an attacker to execute arbitrary code using a specially crafted file. **Recommendations** For Omron CX-Position versions 2.5.3 and prior, consider avoiding the use of specific project files that may trigger the use after free memory condition until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fatek Automation FvDesigner (affected versions not specified) **Description** The issue allows an attacker to craft a project file that enables arbitrary code execution due to an out-of-bounds read while processing project files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to a stack-based buffer overflow that occurs while processing project files. This may allow an attacker to execute arbitrary code. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.