Out of Bounds Vulnerability in Solid Edge SE2023 Product by Siemens
CVE-2023-30985

3.3LOW

Key Information:

Vendor: Siemens
Status: Solid Edge Se2023
Vendor: CVE Published:; 9 May 2023

Summary

A vulnerability has been discovered in Siemens Solid Edge SE2023, affecting all versions prior to V223.0 Update 3 and V223.0 Update 2. This flaw arises during the parsing of specially crafted OBJ files, leading to an out of bounds read past an allocated buffer. Exploitation of this vulnerability may allow attackers to access sensitive information from the application, potentially compromising the confidentiality and integrity of user data.

Affected Version(s)

Solid Edge SE2023 All versions < V223.0 Update 3

Solid Edge SE2023 All versions < V223.0 Update 2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-93252...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Apr 21, 2023