Out-of-Bounds Write Vulnerability in Parasolid and Simcenter Femap
CVE-2022-39144

7.8HIGH

Key Information:

Vendor: Siemens
Status: Parasolid V33.1; Parasolid V34.0; Parasolid V34.1; Parasolid V35.0
Vendor: CVE Published:; 13 September 2022

Summary

A vulnerability exists in specific versions of Parasolid and Simcenter Femap that allows an out-of-bounds write past the end of an allocated buffer. This vulnerability is triggered when parsing specially crafted X_T files, potentially leading to unauthorized code execution in the context of the current process, which can compromise system integrity.

Affected Version(s)

Parasolid V33.1 All versions < V33.1.262

Parasolid V33.1 All versions >= V33.1.262 < V33.1.263

Parasolid V34.0 All versions < V34.0.252

References

https://cert-portal.siemens.com/productcert/pdf/ssa-51882...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Sep 1, 2022