Siemens
Products by Siemens Sorted by Most Security Vulnerabilities since 2018
Known Exploited Siemens Vulnerabilities
The following Siemens vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability | An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service. CVE-2016-8562 | March 3, 2022 |
By the Year
In 2023 there have been 73 vulnerabilities in Siemens with an average score of 7.7 out of ten. Last year Siemens had 209 security vulnerabilities published. Right now, Siemens is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.30.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 73 | 7.71 |
2022 | 209 | 7.41 |
2021 | 304 | 7.17 |
2020 | 66 | 6.84 |
2019 | 115 | 7.70 |
2018 | 23 | 7.25 |
It may take a day or so for new Siemens vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Siemens Security Vulnerabilities
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14)
CVE-2023-30898
8.8 - High
- May 09, 2023
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
Marshaling, Unmarshaling
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14)
CVE-2023-30899
8.8 - High
- May 09, 2023
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
Marshaling, Unmarshaling
A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3)
CVE-2023-30985
5.5 - Medium
- May 09, 2023
A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3)
CVE-2023-30986
7.8 - High
- May 09, 2023
A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)
Memory Corruption
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions)
CVE-2023-26293
7.3 - High
- April 11, 2023
A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.
Improper Input Validation
A vulnerability has been identified in Polarion ALM (All versions < V22R2)
CVE-2023-28828
5.9 - Medium
- April 11, 2023
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
XXE
A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0)
CVE-2023-29053
7.8 - High
- April 11, 2023
A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2)
CVE-2023-27309
8.8 - High
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
AuthZ
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2)
CVE-2023-27310
8.8 - High
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
AuthZ
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3)
CVE-2023-27462
4.3 - Medium
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
AuthZ
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3)
CVE-2023-27463
8.8 - High
- March 14, 2023
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.
SQL Injection
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27398
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27399
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27400
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27401
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20308, ZDI-CAN-20345)
Out-of-bounds Read
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27402
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334)
Out-of-bounds Read
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27403
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27404
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20433)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27405
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432)
Out-of-bounds Read
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-27406
7.8 - High
- March 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20449)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24992
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19814)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24993
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24994
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24995
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19817)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24996
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19818)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24980
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19790)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24981
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19791)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24982
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19804)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24983
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24984
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19806)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24985
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19807)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24986
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19808)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24987
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19809)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24988
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19810)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24989
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19811)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24990
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812)
Memory Corruption
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24991
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813)
Memory Corruption
A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254)
CVE-2023-25140
7.8 - High
- February 14, 2023
A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in TIA Multiuser Server V14 (All versions)
CVE-2022-35868
6.7 - Medium
- February 14, 2023
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
Untrusted Path
A vulnerability has been identified in JT Open (All versions < V11.2.3.0)
CVE-2022-47936
7.8 - High
- February 14, 2023
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
Stack Overflow
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0)
CVE-2022-47977
7.8 - High
- February 14, 2023
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
Buffer Overflow
A vulnerability has been identified in COMOS V10.2 (All versions)
CVE-2023-24482
9.8 - Critical
- February 14, 2023
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.
Classic Buffer Overflow
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24549
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Stack Overflow
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24550
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Heap-based Buffer Overflow
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24551
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Heap-based Buffer Overflow
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24552
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24553
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24554
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24555
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24556
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24557
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24558
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24559
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24560
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process.
Memory Corruption
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24561
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Access of Uninitialized Pointer
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24562
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Access of Uninitialized Pointer
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)
CVE-2023-24563
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Access of Uninitialized Pointer
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)
CVE-2023-24564
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069)
Buffer Overflow
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)
CVE-2023-24565
3.3 - Low
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428)
Out-of-bounds Read
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)
CVE-2023-24566
3.3 - Low
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472)
Stack Overflow
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)
CVE-2023-24581
7.8 - High
- February 14, 2023
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)
Dangling pointer
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24978
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788)
Access of Uninitialized Pointer
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)
CVE-2023-24979
7.8 - High
- February 14, 2023
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19789)
Memory Corruption
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files
CVE-2022-3159
7.8 - High
- January 13, 2023
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
Memory Corruption
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files
CVE-2022-3160
7.8 - High
- January 13, 2023
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
Memory Corruption
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files
CVE-2022-3161
7.8 - High
- January 13, 2023
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
Memory Corruption
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1)
CVE-2022-45093
8.8 - High
- January 10, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
Directory traversal
A vulnerability has been identified in Automation License Manager V5 (All versions)
CVE-2022-43513
7.5 - High
- January 10, 2023
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.
Externally Controlled Reference to a Resource in Another Sphere
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1)
CVE-2022-45094
8.8 - High
- January 10, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.
Command Injection
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1)
CVE-2022-45092
8.8 - High
- January 10, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
Directory traversal
A vulnerability has been identified in Automation License Manager V5 (All versions)
CVE-2022-43514
9.8 - Critical
- January 10, 2023
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.
Directory traversal
A vulnerability has been identified in JT Open (All versions < V11.1.1.0)
CVE-2022-47935
7.8 - High
- January 10, 2023
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)
Buffer Overflow
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1)
CVE-2022-47967
7.8 - High
- January 10, 2023
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.
Buffer Overflow
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)
CVE-2022-46349
7.8 - High
- December 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384)
Out-of-bounds Read
A vulnerability has been identified in PLM Help Server V4.2 (All versions)
CVE-2022-44575
6.1 - Medium
- December 13, 2022
A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
XSS
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions)
CVE-2022-43517
7.8 - High
- December 13, 2022
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.
Incorrect Permission Assignment for Critical Resource
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41288
3.3 - Low
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Allocation of Resources Without Limits or Throttling
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41287
3.3 - Low
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Divide By Zero
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41286
7.8 - High
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41285
7.8 - High
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Dangling pointer
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41284
7.8 - High
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41283
7.8 - High
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Memory Corruption
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41282
7.8 - High
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41281
7.8 - High
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
Out-of-bounds Read
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41280
3.3 - Low
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
NULL Pointer Dereference
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41279
3.3 - Low
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
NULL Pointer Dereference
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-41278
3.3 - Low
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
NULL Pointer Dereference
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)
CVE-2022-46348
7.8 - High
- December 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)
Memory Corruption
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)
CVE-2022-45484
3.3 - Low
- December 13, 2022
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)
Out-of-bounds Read
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0)
CVE-2022-46664
8.1 - High
- December 13, 2022
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.
Authorization
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0)
CVE-2022-43722
7.8 - High
- December 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
DLL preloading
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06)
CVE-2022-43723
7.5 - High
- December 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Improper Input Validation
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0)
CVE-2022-43724
9.8 - Critical
- December 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Cleartext Transmission of Sensitive Information
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038)
CVE-2022-44731
5.4 - Medium
- December 13, 2022
A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).
Argument Injection
A vulnerability has been identified in Polarion ALM (All versions < V2304.0)
CVE-2022-46265
5.4 - Medium
- December 13, 2022
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.
Injection
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)
CVE-2022-46347
7.8 - High
- December 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19079)
Memory Corruption
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)
CVE-2022-46346
7.8 - High
- December 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)
Memory Corruption
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0)
CVE-2022-45936
8.1 - High
- December 13, 2022
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)
CVE-2022-46345
7.8 - High
- December 13, 2022
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)
Memory Corruption
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF
CVE-2022-35256
6.5 - Medium
- December 05, 2022
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
HTTP Request Smuggling