PT-2023-6654 · Siemens · Solid Edge
Published
2023-02-14
·
Updated
2023-03-14
·
CVE-2023-24551
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Solid Edge SE2022 versions prior to V222.0MP12
Solid Edge SE2023 versions prior to V223.0Update2
Description
A heap-based buffer underflow vulnerability has been identified in the affected application while parsing specially crafted PAR files. This issue could allow an attacker to execute code in the context of the current process.
Recommendations
For Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later.
For Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later.
As a temporary workaround, consider restricting the use of PAR files in the affected application until a patch is available.
Fix
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solid Edge