CVE-2022-37864

Published Oct 11, 2022

Last updated 2 years ago

CVSS high 7.8

Overview

Description: A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627)
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787
productcert@siemens.com: CWE-122

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07440B76-B975-4946-8A97-38C564D240E4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F0A748E-BB6F-4604-8024-F50DC0C20EAF"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F495722-39BD-4BA1-A643-C7D0BA81CC21"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B776512-BF3D-4F70-BD58-AFF8E1B03EE2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99E05299-50FD-4292-9978-8E05C1483FE2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2447D05B-2634-4895-B7B0-6F7DBB9D2EC2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBBD39F3-790F-4017-A57E-6EFC314F0557"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4387BFA-8A98-433E-9EF7-B29226C195A7"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E380F66-C11C-472B-9B71-7CB4AF4FABDC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References