
CVE-2024-32060 – Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32060
14 May 2024 — A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565) Se ha identificado una vulnerabilidad en el componente PS/IGES Parasolid Translator (todas las versiones This vulnerability allows remote attackers to execute arbitrary code on affected installat... • https://cert-portal.siemens.com/productcert/html/ssa-064222.html • CWE-125: Out-of-bounds Read •

CVE-2024-32059 – Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32059
14 May 2024 — A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564) Se ha identificado una vulnerabilidad en el componente PS/IGES Parasolid Translator (todas las versiones This vulnerability allows remote attackers to execute arbitrary code on affected installat... • https://cert-portal.siemens.com/productcert/html/ssa-064222.html • CWE-125: Out-of-bounds Read •

CVE-2024-32058 – Siemens Simcenter Femap IGS File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32058
14 May 2024 — A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563) Se ha identificado una vulnerabilidad en el componente PS/IGES Parasolid Translator (todas las versiones This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. Us... • https://cert-portal.siemens.com/productcert/html/ssa-064222.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2024-32057 – Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32057
14 May 2024 — A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562) Se ha identificado una vulnerabilidad en el componente PS/IGES Parasolid Translator (todas las versiones This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interactio... • https://cert-portal.siemens.com/productcert/html/ssa-064222.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-32055
https://notcve.org/view.php?id=CVE-2024-32055
14 May 2024 — A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. Se ha identificado una vulnerabilidad en el componente PS/IGES Parasolid Translator (todas las versiones • https://cert-portal.siemens.com/productcert/html/ssa-064222.html • CWE-125: Out-of-bounds Read •

CVE-2024-31980
https://notcve.org/view.php?id=CVE-2024-31980
14 May 2024 — A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468) Se ha identificado una vulnerabilidad en Parasolid V35.1 (Todas las versiones < V35.1.256), Para... • https://cert-portal.siemens.com/productcert/html/ssa-489698.html • CWE-787: Out-of-bounds Write •

CVE-2024-26276
https://notcve.org/view.php?id=CVE-2024-26276
09 Apr 2024 — A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker ... • https://cert-portal.siemens.com/productcert/html/ssa-222019.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-26275
https://notcve.org/view.php?id=CVE-2024-26275
09 Apr 2024 — A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. Th... • https://cert-portal.siemens.com/productcert/html/ssa-222019.html • CWE-125: Out-of-bounds Read •

CVE-2024-22043
https://notcve.org/view.php?id=CVE-2024-22043
13 Feb 2024 — A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Se ha identificado una vulnerabilidad en Parasolid V35.0 (todas las versiones < V35.0.251), Parasolid V35.1 (todas las versiones < V35.1.170). Las aplicac... • https://cert-portal.siemens.com/productcert/html/ssa-797296.html • CWE-476: NULL Pointer Dereference •

CVE-2023-45601 – Siemens Tecnomatix Plant Simulation IGS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-45601
10 Oct 2023 — A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) Se ha i... • https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •