CVE-2023-30985
Siemens Solid Edge Viewer OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of OBJ files. Crafted data in an OBJ file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-04-21 CVE Reserved
- 2023-05-09 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-932528.pdf | 2023-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Siemens Search vendor "Siemens" | Solid Edge Se2023 Search vendor "Siemens" for product "Solid Edge Se2023" | - | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Solid Edge Se2023 Search vendor "Siemens" for product "Solid Edge Se2023" | update_0001 Search vendor "Siemens" for product "Solid Edge Se2023" and version "update_0001" | - |
Affected
|