CVE-2022-43397

2022-11-0800:00:00

CWE-787

siemens

www.cve.org

parasolid

simcenter femap

vulnerability

code execution

x_t files

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS

0.001

Percentile

39.2%

JSON

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Simcenter Femap (All versions < V2023.1). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854)

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Parasolid V34.0",
    "versions": [
      {
        "version": "All versions < V34.0.252",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V34.1",
    "versions": [
      {
        "version": "All versions < V34.1.242",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.0",
    "versions": [
      {
        "version": "All versions < V35.0.170",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Simcenter Femap",
    "versions": [
      {
        "version": "All versions < V2023.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]