CVE-2022-46346

Published Dec 13, 2022

Last updated 9 months ago

CVSS high 7.8

Overview

Description: A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

productcert@siemens.com: CWE-787
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1405366-A402-4908-858D-E844853BE1DA",
            "versionEndExcluding": "33.1.264",
            "versionStartIncluding": "33.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0D9079D-6138-4602-A982-9BC4ECBC35E7",
            "versionEndExcluding": "34.0.252",
            "versionStartIncluding": "34.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C486991-A1C0-4815-AAD6-163464D711AA",
            "versionEndExcluding": "34.1.242",
            "versionStartIncluding": "34.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA2114FD-BB07-4C24-98B1-928A510565BB",
            "versionEndExcluding": "35.0.170",
            "versionStartIncluding": "35.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge_se2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FF17E24-2697-4110-8A0F-BC76BA617C76"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60B92DC2-5A0D-4F6E-81FD-3A0CA25B0D32"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge_se2023:223.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0ADA2C0-4AA2-4FDB-AB71-2C905106A68F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References