PT-2022-27828 · Siemens · Solid Edge+1
Published
2022-12-13
·
Updated
2024-02-02
·
CVE-2022-46345
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Parasolid versions prior to V33.1.264
Parasolid versions prior to V34.0.252
Parasolid versions prior to V34.1.242
Parasolid versions prior to V35.0.170
Solid Edge SE2022 versions prior to V222.0MP12
Solid Edge SE2023 versions prior to V223.0Update2
Description
A vulnerability has been identified that allows an attacker to execute code in the context of the current process by exploiting an out of bounds write past the end of an allocated structure while parsing specially crafted X B files.
Recommendations
For Parasolid versions prior to V33.1.264, update to version V33.1.264 or later.
For Parasolid versions prior to V34.0.252, update to version V34.0.252 or later.
For Parasolid versions prior to V34.1.242, update to version V34.1.242 or later.
For Parasolid versions prior to V35.0.170, update to version V35.0.170 or later.
For Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later.
For Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Parasolid
Solid Edge