PT-2023-6666 · Siemens · Solid Edge
Published
2023-02-14
·
Updated
2023-03-14
·
CVE-2023-24554
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Solid Edge SE2022 versions prior to V222.0MP12
Solid Edge SE2023 versions prior to V223.0Update2
Description
A vulnerability has been identified that involves an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. The issue is related to a memory read bug that can be exploited using specially crafted files.
Recommendations
For Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later.
For Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solid Edge