Siemens Solid Edge Se2023

Parasolid & Solid Edge OOB Read Vulnerability CVE-2023-49125
CVE-2023-49125 7.8 - High - February 13, 2024

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2023 <V223.0 Update10> OOB Write in PAR Parser
CVE-2023-49128 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

Solid Edge SE2023 (V<223.0U10) Uninit Pointer Access in PAR Parser Causing RCE
CVE-2023-49132 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

Solid Edge SE2023 < V223.0 Update 10 Uninit Ptr Access in PAR Parser
CVE-2023-49131 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

Solid Edge SE2023 <V223.0 Update 10 Uninitialized Pointer in PAR Parser Enables RCE
CVE-2023-49130 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

Solid Edge SE2023 PAR File Stack Overflow (pre V223.0 Update 10)
CVE-2023-49129 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

OOB Read in Solid Edge SE2023 (Before V223.0 U10) PAR Parser | CVE-2023-49127
CVE-2023-49127 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2023 < v223.0 Update 10: OOB Read in PAR Parser
CVE-2023-49126 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2023 (<V223.0 U10) OOB Read CVE-2023-49124
CVE-2023-49124 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Heap Buffer Overflow in Solid Edge SE2023 (<V223.0 Update10) via PAR file
CVE-2023-49123 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

Solid Edge SE2023 (<V223.0 U10) Heap Buffer Overflow in PAR Parser
CVE-2023-49122 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

Solid Edge SE2023 <V223.0 Update10 Heap Buffer Overflow in PAR Parsing
CVE-2023-49121 7.8 - High - January 09, 2024

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Memory Corruption

UEF in Siemens JT2Go/Teamcenter Vis. (<V14.2.0.5) via ASM parse RCE
CVE-2023-28830 7.8 - High - August 08, 2023

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.

Dangling pointer

Solid Edge SE2023 OOB Read in OBJ Parser (All < V223.0U3)
CVE-2023-30985 5.5 - Medium - May 09, 2023

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)

Solid Edge SE2023 STP Memory Corruption <V223.0 U3 (Exec)
CVE-2023-30986 - May 09, 2023

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)

Memory Corruption

Solid Edge SE2022/SE2023 Overflow in PAR Parser (CVE-2023-24549)
CVE-2023-24549 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Stack Overflow

Solid Edge SE2022/2023 use-after-free in STP parsing V<222.0MP12/V<223.0U2
CVE-2023-24581 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)

Dangling pointer

Solid Edge SE2022/SE2023 OOB Read in PAR File (Vpre-V222.0MP12, <V223.0U2)
CVE-2023-24559 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Stack-based Buffer Overflow in Solid Edge SE2022/SE2023 <V when parsing PAR files
CVE-2023-24566 3.3 - Low - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472)

Stack Overflow

CVE-2023-24565: Solid Edge SE2022/SE2023 OOB Read in STL Parser (V <22.2MP12 / <23.0 Update2)
CVE-2023-24565 3.3 - Low - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428)

Out-of-bounds Read

Solid Edge DWG Parser: Memory Corruption (SE2022<222.0MP12, SE2023<223.0U2)
CVE-2023-24564 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069)

Buffer Overflow

Solid Edge SE2022/2023 Uninit Ptr Access via PAR Parser
CVE-2023-24563 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

Solid Edge SE2022/23 Uninitialized Pointer Access in PAR Parser (V < 222.0MP12 / < 223.0U2)
CVE-2023-24562 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

Uninitialized Pointer via Solid Edge SE2022/SE2023 (pre V222.0MP12/V223.0U2)
CVE-2023-24561 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Access of Uninitialized Pointer

Solid Edge OUTOFBOUND WRITE in PAR Parser (<222.0MP12/223.0Update2) Privilege Escalation
CVE-2023-24560 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process.

Memory Corruption

Solid Edge SE2022/SE2023 pre V223.0MP12 Heap-based Buffer Overflow PAR
CVE-2023-24550 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Heap-based Buffer Overflow

Solid Edge SE2022/23 OOB Read in PAR Files (CVE-2023-24558)
CVE-2023-24558 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2022/2023 PAR OOB Read Allows Code Exec
CVE-2023-24557 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2022/SE2023 OOB Read in PAR Parser (pre-222.0MP12, pre-223.0Update2)
CVE-2023-24556 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2022/SE2023 OOB Read in PAR Parser, RCE (V<222.0MP12, V<223.0Upd2)
CVE-2023-24555 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE < 222.0MP12 / SE2023 < 223.0Upd2 OOB Read in PAR Code Exec
CVE-2023-24554 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE 222.0MP12/223.0Update2 OOB Read in PAR Parsing Remote Code Exec
CVE-2023-24553 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Out-of-bounds Read

Solid Edge SE2022/2023 OOB Read Code Exec in PAR Parsing (V<222.0MP12/223.0U2)
CVE-2023-24552 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to to execute code in the context of the current process.

Out-of-bounds Read

Heap-Based Buffer Underflow in SE2022/SE2023 PAR Files
CVE-2023-24551 7.8 - High - February 14, 2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Heap-based Buffer Overflow

Out-of-bounds write in Parasolid V33.135.0 via malicious X_B file
CVE-2022-46346 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)

Memory Corruption

Parasolid & Solid Edge OOB Write in X_B Parsing (<V35.0.170)
CVE-2022-46345 7.8 - High - December 13, 2022

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)

Memory Corruption