PT-2024-1044 · Siemens · Solid Edge

Published

2024-01-09

Updated

2024-01-10

CVE-2023-49123

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Solid Edge SE2023 versions prior to V223.0 Update 10

Description A heap-based buffer overflow vulnerability has been identified in the affected application while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. The vulnerability is related to a buffer overflow in memory, which can be exploited by an attacker to execute arbitrary code using specially crafted PAR files.

Recommendations For versions prior to V223.0 Update 10, update to V223.0 Update 10 or later to resolve the issue. As a temporary workaround, consider restricting the use of PAR files or avoiding the parsing of specially crafted PAR files until a patch is applied.

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

BDU:2024-00256

CVE-2023-49123

Affected Products

Solid Edge

PT-2024-1044 · Siemens · Solid Edge

CVE-2023-49123

Weakness Enumeration

Related Identifiers

Affected Products

References · 6