Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap by Siemens
CVE-2023-41032

7.8HIGH

Key Information:

Vendor: Siemens
Status: Parasolid V34.1; Parasolid V35.0; Parasolid V35.1; Parasolid V36.0
Vendor: CVE Published:; 12 September 2023

Summary

A vulnerability has been detected in specific versions of Parasolid and Simcenter Femap, wherein the applications exhibit an out of bounds write issue while processing specially crafted X_T files. This flaw could potentially enable an attacker to execute arbitrary code within the context of the affected process, thereby compromising the integrity and security of the application.

Affected Version(s)

Parasolid V34.1 All versions < V34.1.258

Parasolid V35.0 All versions < V35.0.253

Parasolid V35.1 All versions < V35.1.184

References

https://cert-portal.siemens.com/productcert/pdf/ssa-19083...

https://cert-portal.siemens.com/productcert/pdf/ssa-88712...

https://www.bentley.com/advisories/be-2023-0004/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 22, 2023