Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap Products
CVE-2023-41033

7.8HIGH

Key Information:

Vendor: Siemens
Status: Parasolid V35.0; Parasolid V35.1; Parasolid V36.0; Simcenter Femap V2301
Vendor: CVE Published:; 12 September 2023

Summary

A significant vulnerability has been discovered in several versions of Siemens' Parasolid and Simcenter Femap software. This flaw enables an out of bounds write condition when processing specially crafted X_T files, which can lead to unauthorized code execution. All versions of Parasolid and Simcenter Femap prior to the specified updates are susceptible. It is imperative for users of these products to apply the necessary updates to mitigate potential security risks.

Affected Version(s)

Parasolid V35.0 All versions < V35.0.260

Parasolid V35.1 All versions < V35.1.246

Parasolid V36.0 All versions < V36.0.156

References

https://cert-portal.siemens.com/productcert/pdf/ssa-19083...

https://cert-portal.siemens.com/productcert/pdf/ssa-88712...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 22, 2023