CVE-2022-39150

2022-09-1310:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-39150

vulnerability

parasolid

simcenter femap

out of bounds write

security issue

code execution

nvd

zdi-can-17735

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.1%

JSON

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17735)

Affected configurations

NVD

Node

siemenssimcenter_femapRange2022.1–2022.1.3

siemenssimcenter_femapRange2022.2–2022.2.2

Node

siemensparasolidRange33.1–33.1.263

siemensparasolidRange34.0–34.0.252

siemensparasolidRange34.1–34.1.242

siemensparasolidRange35.0–35.0.164

CPENameOperatorVersion
siemens:simcenter_femapsiemens simcenter femaplt2022.1.3
siemens:simcenter_femapsiemens simcenter femaplt2022.2.2

CPE	Name	Operator	Version
siemens:simcenter_femap	siemens simcenter femap	lt	2022.1.3
siemens:simcenter_femap	siemens simcenter femap	lt	2022.2.2

CNA Affected

[
  {
    "product": "Parasolid V33.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V33.1.262"
      }
    ]
  },
  {
    "product": "Parasolid V33.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V33.1.262 < V33.1.263"
      }
    ]
  },
  {
    "product": "Parasolid V34.0",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V34.0.252"
      }
    ]
  },
  {
    "product": "Parasolid V34.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V34.1.242"
      }
    ]
  },
  {
    "product": "Parasolid V35.0",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <  V35.0.161"
      }
    ]
  },
  {
    "product": "Parasolid V35.0",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V35.0.161 < V35.0.164"
      }
    ]
  },
  {
    "product": "Simcenter Femap V2022.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2022.1.3"
      }
    ]
  },
  {
    "product": "Simcenter Femap V2022.2",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2022.2.2"
      }
    ]
  }
]