Siemens Siemens

Do you want an email whenever new security vulnerabilities are reported in any Siemens product?

Products by Siemens Sorted by Most Security Vulnerabilities since 2018

Siemens Jt2go118 vulnerabilities

Siemens Simcenter Femap43 vulnerabilities

Siemens Solid Edge34 vulnerabilities

Siemens Jt Utilities30 vulnerabilities

Siemens Parasolid30 vulnerabilities

Siemens Jt Open Toolkit28 vulnerabilities

Siemens Sinec Ins26 vulnerabilities

Siemens Nucleus Net25 vulnerabilities

Siemens Nucleus Source Code25 vulnerabilities

Siemens Capital Vstar23 vulnerabilities

Siemens Comos23 vulnerabilities

Siemens Sinec Nms21 vulnerabilities

Siemens Solid Edge Se202321 vulnerabilities

Siemens Nucleus Readystart V320 vulnerabilities

Siemens Pads Viewer20 vulnerabilities

Siemens Simatic Wincc19 vulnerabilities

Siemens Simatic Pcs 717 vulnerabilities

Siemens Sinvr 3 Video Server17 vulnerabilities

Siemens Nucleus Readystart V414 vulnerabilities

Siemens Xhq10 vulnerabilities

Siemens Vstar10 vulnerabilities

Siemens Simatic Wincc Runtime10 vulnerabilities

Siemens Sinema Server9 vulnerabilities

Siemens Nucleus Readystart8 vulnerabilities

Siemens Nucleus Rtos8 vulnerabilities

Siemens Spectrum Power 48 vulnerabilities

Siemens Simatic Net Pc7 vulnerabilities

Siemens Teamcenter7 vulnerabilities

Siemens Simatic Pcs Neo7 vulnerabilities

Siemens Simatic Step 77 vulnerabilities

Siemens Siveillance Identity6 vulnerabilities

Siemens Logo Soft Comfort6 vulnerabilities

Siemens Nucleus 46 vulnerabilities

Siemens Nx 19806 vulnerabilities

Siemens Sipass Integrated6 vulnerabilities

Siemens Opcenter Quality5 vulnerabilities

Siemens Simatic Wincc Oa4 vulnerabilities

Siemens Spectrum Power 74 vulnerabilities

Siemens Ruggedcom Crossbow4 vulnerabilities

Siemens Solid Edge Se20203 vulnerabilities

Siemens Desigo Insight3 vulnerabilities

Siemens Simocode Es3 vulnerabilities

Siemens Solid Edge Se20213 vulnerabilities

Siemens Mendix3 vulnerabilities

Siemens Sinumerik 840d Sl3 vulnerabilities

Siemens Opcenter Rdl3 vulnerabilities

Siemens Operation Scheduler3 vulnerabilities

Siemens Simatic S7 15003 vulnerabilities

Siemens Simatic S7 Plcsim3 vulnerabilities

Siemens Polarion3 vulnerabilities

Siemens Polarion Alm3 vulnerabilities

Siemens Pss Cape3 vulnerabilities

Siemens Sicam Pas3 vulnerabilities

Siemens Sicam Pqs3 vulnerabilities

Siemens Simatic Batch3 vulnerabilities

Known Exploited Siemens Vulnerabilities

The following Siemens vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service. CVE-2016-8562 March 3, 2022

By the Year

In 2023 there have been 73 vulnerabilities in Siemens with an average score of 7.7 out of ten. Last year Siemens had 209 security vulnerabilities published. Right now, Siemens is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.30.

Year Vulnerabilities Average Score
2023 73 7.71
2022 209 7.41
2021 304 7.17
2020 66 6.84
2019 115 7.70
2018 23 7.25

It may take a day or so for new Siemens vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Siemens Security Vulnerabilities

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14)

CVE-2023-30898 8.8 - High - May 09, 2023

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

Marshaling, Unmarshaling

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14)

CVE-2023-30899 8.8 - High - May 09, 2023

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

Marshaling, Unmarshaling

A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3)

CVE-2023-30985 5.5 - Medium - May 09, 2023

A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3)

CVE-2023-30986 7.8 - High - May 09, 2023

A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)

Memory Corruption

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions)

CVE-2023-26293 7.3 - High - April 11, 2023

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

Improper Input Validation

A vulnerability has been identified in Polarion ALM (All versions < V22R2)

CVE-2023-28828 5.9 - Medium - April 11, 2023

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

XXE

A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0)

CVE-2023-29053 7.8 - High - April 11, 2023

A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2)

CVE-2023-27309 8.8 - High - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.

AuthZ

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2)

CVE-2023-27310 8.8 - High - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.

AuthZ

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3)

CVE-2023-27462 4.3 - Medium - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.

AuthZ

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3)

CVE-2023-27463 8.8 - High - March 14, 2023

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.

SQL Injection

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27398 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27399 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27400 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27401 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20308, ZDI-CAN-20345)

Out-of-bounds Read

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27402 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334)

Out-of-bounds Read

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27403 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27404 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20433)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27405 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432)

Out-of-bounds Read

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-27406 7.8 - High - March 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20449)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24992 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19814)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24993 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24994 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24995 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19817)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24996 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19818)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24980 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19790)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24981 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19791)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24982 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19804)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24983 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24984 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19806)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24985 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19807)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24986 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19808)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24987 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19809)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24988 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19810)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24989 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19811)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24990 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812)

Memory Corruption

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24991 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813)

Memory Corruption

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254)

CVE-2023-25140 7.8 - High - February 14, 2023

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in TIA Multiuser Server V14 (All versions)

CVE-2022-35868 6.7 - Medium - February 14, 2023

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server  (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

Untrusted Path

A vulnerability has been identified in JT Open (All versions < V11.2.3.0)

CVE-2022-47936 7.8 - High - February 14, 2023

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Stack Overflow

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0)

CVE-2022-47977 7.8 - High - February 14, 2023

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Buffer Overflow

A vulnerability has been identified in COMOS V10.2 (All versions)

CVE-2023-24482 9.8 - Critical - February 14, 2023

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.

Classic Buffer Overflow

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24549 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Stack Overflow

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24550 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Heap-based Buffer Overflow

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24551 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Heap-based Buffer Overflow

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24552 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24553 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24554 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24555 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24556 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24557 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24558 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24559 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24560 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24561 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24562 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2)

CVE-2023-24563 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)

CVE-2023-24564 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069)

Buffer Overflow

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)

CVE-2023-24565 3.3 - Low - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428)

Out-of-bounds Read

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)

CVE-2023-24566 3.3 - Low - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472)

Stack Overflow

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12)

CVE-2023-24581 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)

Dangling pointer

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24978 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788)

Access of Uninitialized Pointer

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006)

CVE-2023-24979 7.8 - High - February 14, 2023

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19789)

Memory Corruption

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files

CVE-2022-3159 7.8 - High - January 13, 2023

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files

CVE-2022-3160 7.8 - High - January 13, 2023

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files

CVE-2022-3161 7.8 - High - January 13, 2023

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1)

CVE-2022-45093 8.8 - High - January 10, 2023

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.

Directory traversal

A vulnerability has been identified in Automation License Manager V5 (All versions)

CVE-2022-43513 7.5 - High - January 10, 2023

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

Externally Controlled Reference to a Resource in Another Sphere

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1)

CVE-2022-45094 8.8 - High - January 10, 2023

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.

Command Injection

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1)

CVE-2022-45092 8.8 - High - January 10, 2023

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.

Directory traversal

A vulnerability has been identified in Automation License Manager V5 (All versions)

CVE-2022-43514 9.8 - Critical - January 10, 2023

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.

Directory traversal

A vulnerability has been identified in JT Open (All versions < V11.1.1.0)

CVE-2022-47935 7.8 - High - January 10, 2023

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)

Buffer Overflow

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1)

CVE-2022-47967 7.8 - High - January 10, 2023

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.

Buffer Overflow

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)

CVE-2022-46349 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384)

Out-of-bounds Read

A vulnerability has been identified in PLM Help Server V4.2 (All versions)

CVE-2022-44575 6.1 - Medium - December 13, 2022

A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.

XSS

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions)

CVE-2022-43517 7.8 - High - December 13, 2022

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.

Incorrect Permission Assignment for Critical Resource

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41288 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Allocation of Resources Without Limits or Throttling

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41287 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Divide By Zero

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41286 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41285 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Dangling pointer

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41284 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41283 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41282 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41281 7.8 - High - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41280 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41279 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-41278 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

NULL Pointer Dereference

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)

CVE-2022-46348 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)

Memory Corruption

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6)

CVE-2022-45484 3.3 - Low - December 13, 2022

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)

Out-of-bounds Read

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0)

CVE-2022-46664 8.1 - High - December 13, 2022

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.

Authorization

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0)

CVE-2022-43722 7.8 - High - December 13, 2022

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

DLL preloading

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06)

CVE-2022-43723 7.5 - High - December 13, 2022

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

Improper Input Validation

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0)

CVE-2022-43724 9.8 - Critical - December 13, 2022

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

Cleartext Transmission of Sensitive Information

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038)

CVE-2022-44731 5.4 - Medium - December 13, 2022

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker's credentials or start a Ctrl script).

Argument Injection

A vulnerability has been identified in Polarion ALM (All versions < V2304.0)

CVE-2022-46265 5.4 - Medium - December 13, 2022

A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.

Injection

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)

CVE-2022-46347 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19079)

Memory Corruption

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)

CVE-2022-46346 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)

Memory Corruption

A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0)

CVE-2022-45936 8.1 - High - December 13, 2022

A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264)

CVE-2022-46345 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)

Memory Corruption

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF

CVE-2022-35256 6.5 - Medium - December 05, 2022

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

HTTP Request Smuggling

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.