Out of Bounds Read Vulnerability in Solid Edge SE2022 and SE2023 by Siemens
CVE-2023-24565

3.3LOW

Key Information:

Vendor: Siemens
Status: Solid Edge SE2022; Solid Edge SE2023
Vendor: CVE Published:; 14 February 2023

Summary

A security vulnerability has been identified in Solid Edge SE2022 and SE2023 that allows for an out of bounds read past the end of an allocated buffer when processing specially crafted STL files. This flaw may enable an attacker to read sensitive data, posing a risk to the confidentiality of information handled within the application. Users of impacted versions are advised to apply the necessary updates to mitigate potential exploitation.

Affected Version(s)

Solid Edge SE2022 All versions < V222.0MP12

Solid Edge SE2022 All versions

Solid Edge SE2023 All versions < V223.0Update2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-49124...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 26, 2023