Parasolid/Teamcenter Viz NPD Exec pre v34.1.258, 35.0.254, 35.1.171, 14.1.0.11, 14.2.0.6, 14.3.0.3
CVE-2023-38524 Published on August 8, 2023
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2023-38524
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-38524 are published in these products:
Affected Versions
Siemens Parasolid V34.1:- Before V34.1.258 is affected.
- Before V35.0.254 is affected.
- Before V35.1.171 is affected.
- Before V14.1.0.11 is affected.
- Before V14.2.0.6 is affected.
- Before V14.3.0.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.