CVE-2023-38529

🗓️ 08 Aug 2023 09:20:38Reported by siemensType

A vulnerability in Parasolid and Teamcenter Visualization allows code execution via specially crafted X_T file

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of Parasolid’s 3D geometric modeling tool, along with the Teamcenter Visualization product lifecycle management system, relates to reading beyond the buffer in memory. This allows a malicious actor to execute arbitrary code.	26 Sep 202300:00	–	bdu_fstec
CNNVD	Siemens Parasolid 缓冲区错误漏洞	8 Aug 202300:00	–	cnnvd
CNVD	Siemens Parasolid and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2023-62047)	9 Aug 202300:00	–	cnvd
CVE	CVE-2023-38529	8 Aug 202309:20	–	cve
EUVD	EUVD-2023-42328	3 Oct 202520:07	–	euvd
ICS	Siemens Parasolid and Teamcenter Visualization	8 Aug 202300:00	–	ics
NCSC	Vulnerabilities fixed in Siemens products	8 Aug 202300:00	–	ncsc
NVD	CVE-2023-38529	8 Aug 202310:15	–	nvd
Prion	Out-of-bounds	8 Aug 202310:15	–	prion
Positive Technologies	PT-2023-5409 · Siemens · Parasolid +1	8 Aug 202300:00	–	ptsecurity

[
  {
    "vendor": "Siemens",
    "product": "Parasolid V34.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V34.1.258",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.0",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V35.0.254",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Parasolid V35.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V35.1.184",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V14.2.0.12",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V14.3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V14.3.0.9",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Teamcenter Visualization V2312",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2312.0004",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-407785.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf

13 Aug 2024 07:50Current

7.7High risk

Vulners AI Score7.7

CVSS 47.3

CVSS 3.17.8

EPSS0.0012

CWE-125