Code Execution Vulnerability in Parasolid and Teamcenter Visualization by Siemens
CVE-2023-38524

2LOW

Key Information:

Vendor
Siemens
Status
Parasolid V34.1
Parasolid V35.0
Parasolid V35.1
Teamcenter Visualization V14.1
Vendor
CVE Published:
8 August 2023

Summary

A vulnerability exists within various versions of Parasolid and Teamcenter Visualization products, which involves a null pointer dereference when processing specially crafted X_T files. This flaw can potentially enable an attacker to execute arbitrary code within the context of the affected application, posing significant security risks to systems utilizing these products.

Affected Version(s)

Parasolid V34.1 0

Parasolid V35.0 0

Parasolid V35.1 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-40778...
https://cert-portal.siemens.com/productcert/html/ssa-4077...

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.