Out of Bounds Write Vulnerability in Parasolid and Solid Edge Software by Siemens
CVE-2022-46348

7.8HIGH

Key Information:

Vendor: Siemens
Status: Parasolid V33.1; Parasolid V34.0; Parasolid V34.1; Parasolid V35.0
Vendor: CVE Published:; 13 December 2022

Summary

A vulnerability exists in multiple versions of Siemens' Parasolid and Solid Edge applications, characterized by an out of bounds write when processing specially crafted X_B files. This issue can lead to potential code execution within the context of the affected process, posing a significant security risk if exploited.

Affected Version(s)

Parasolid V33.1 All versions < V33.1.264

Parasolid V34.0 All versions < V34.0.252

Parasolid V34.1 All versions < V34.1.242

References

https://cert-portal.siemens.com/productcert/pdf/ssa-58810...

https://cert-portal.siemens.com/productcert/pdf/ssa-49124...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 30, 2022