CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45601 – Siemens Tecnomatix Plant Simulation IGS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-45601
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) Se ha identificado una vulnerabilidad en Parasolid V35.0 (Todas las versiones < V35.0.262), Parasolid V35.1 (Todas las versiones < V35.1.250), Parasolid V36.0 (Todas las versiones < V36.0.169), Tecnomatix Plant Simulation V2201 ( Todas las versiones < V2201.0009), Tecnomatix Plant Simulator V2302 (Todas las versiones < V2302.0003). Las aplicaciones afectadas contienen una vulnerabilidad de desbordamiento de pila al analizar archivos IGS especialmente manipulados. Esto podría permitir a un atacante ejecutar código en el contexto del proceso actual. • https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41033 – Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41033
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266) Se ha identificado una vulnerabilidad en Parasolid V35.0 (todas las versiones < V35.0.260), Parasolid V35.1 (todas las versiones < V35.1.246), Parasolid V36.0 (todas las versiones < V36.0.156). La aplicación afectada contiene una escritura fuera de los límites más allá del final de una estructura asignada mientras analiza archivos X_T especialmente manipulados. • https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41032 – Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41032
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263) Se ha identificado una vulnerabilidad en Parasolid V34.1 (todas las versiones < V34.1.258), Parasolid V35.0 (todas las versiones < V35.0.253), Parasolid V35.1 (todas las versiones < V35.1.184), Parasolid V36.0 (todas las versiones < V36.0.142). La aplicación afectada contiene una escritura fuera de los límites más allá del final de una estructura asignada mientras analiza archivos X_T especialmente manipulados. • https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf https://www.bentley.com/advisories/be-2023-0004 • CWE-787: Out-of-bounds Write •