Stack Overflow Vulnerability in Parasolid and Tecnomatix Products
CVE-2023-45601

7.8HIGH

Key Information:

Vendor: Siemens
Status: Parasolid V35.0; Parasolid V35.1; Parasolid V36.0; Tecnomatix Plant Simulation V2201
Vendor: CVE Published:; 10 October 2023

Summary

A stack overflow vulnerability has been detected in specific versions of Parasolid and Tecnomatix Plant Simulation products. This vulnerability arises when the software processes specially crafted IGS files, leading to potential code execution in the context of the running process. Users of affected versions are advised to update to the latest releases to mitigate any associated risks.

Affected Version(s)

Parasolid V35.0 All versions < V35.0.262

Parasolid V35.1 All versions < V35.1.250

Parasolid V36.0 All versions < V36.0.169

References

https://cert-portal.siemens.com/productcert/pdf/ssa-52477...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Oct 9, 2023