CVE-2023-38528

Published Aug 8, 2023

Last updated 5 months ago

CVSS high 7.3

Overview

Description: A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.
Source: productcert@siemens.com
NVD status: Modified

Risk scores

CVSS 4.0

Type: Secondary
Base score: 7.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787
productcert@siemens.com: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7751190-C386-451B-88B5-4BB4DCBFCE44",
            "versionEndExcluding": "34.1.258",
            "versionStartIncluding": "34.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B5F1A02-44EB-45AA-B071-764B64473313",
            "versionEndExcluding": "35.0.254",
            "versionStartIncluding": "35.0"
          },
          {
            "criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1954A7E9-D533-46A5-8CA4-B4A5A128C345",
            "versionEndExcluding": "35.1.197",
            "versionStartIncluding": "35.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EF3388B-D057-4DB9-96AE-B6F4678FE5B8",
            "versionEndExcluding": "14.1.0.11",
            "versionStartIncluding": "14.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1EFF45-5311-4E89-B736-271EF3C0C232",
            "versionEndExcluding": "14.2.0.6",
            "versionStartIncluding": "14.2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99F0D457-7D65-40DC-BCFA-339FA5648709",
            "versionEndExcluding": "14.3.0.3",
            "versionStartIncluding": "14.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 4.0

CVSS 3.1

Weaknesses

Social media

Configurations

References