PT-2023-6668 · Siemens · Siemens Solid Edge Se2023+1
Published
2023-02-14
·
Updated
2023-03-14
·
CVE-2023-24557
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Siemens Solid Edge SE2022 versions prior to V222.0MP12
Siemens Solid Edge SE2023 versions prior to V223.0Update2
Description
The issue is related to an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. The vulnerability is associated with reading beyond memory boundaries.
Recommendations
For Siemens Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later.
For Siemens Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later.
As a temporary workaround, consider restricting the use of specially crafted PAR files until a patch is available.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siemens Solid Edge Se2022
Siemens Solid Edge Se2023