Memory Corruption Vulnerability in Solid Edge SE2023 by Siemens
CVE-2023-30986

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2023
Vendor: CVE Published:; 9 May 2023

Summary

A memory corruption vulnerability has been discovered in Solid Edge SE2023 that affects all versions prior to V223.0 Update 3 and V223.0 Update 2. The flaw arises during the parsing of specially crafted STP files, potentially enabling an attacker to execute arbitrary code within the current process context. Users are advised to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Solid Edge SE2023 All versions < V223.0 Update 3

Solid Edge SE2023 All versions < V223.0 Update 2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-93252...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Apr 21, 2023