Siemens Solid Edge

🗓️ 14 Feb 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 37 Views

Siemens Solid Edge ICS security advisory no longer updated after January 10, 2023. Vulnerabilities include out-of-bounds write, read, heap and stack-based overflow, use after free. Low attack complexity. Affected products: Solid Edge versions SE2022 and SE2023. Malicious files could crash app, extract data, execute code

Reporter	Title	Published	Views	Family All 186
ATTACKERKB	CVE-2022-46345	13 Dec 202216:15	–	attackerkb
ATTACKERKB	CVE-2022-46346	13 Dec 202216:15	–	attackerkb
Circl	CVE-2021-32936	17 Jun 202116:41	–	circl
Circl	CVE-2021-32938	17 Jun 202116:41	–	circl
Circl	CVE-2021-43336	15 Nov 202100:11	–	circl
Circl	CVE-2021-43391	15 Nov 202100:11	–	circl
Circl	CVE-2022-46346	13 Dec 202218:21	–	circl
Circl	CVE-2022-46348	13 Dec 202218:28	–	circl
Circl	CVE-2023-22295	20 Apr 202322:30	–	circl
Circl	CVE-2023-22321	20 Apr 202322:30	–	circl

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-491245.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-491245.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-047-01.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-047-01
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

14 Feb 2023 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS 26.8

CVSS 3.17.8

EPSS0.00375

SSVC