ID
VAR-202308-0233
CVE
CVE-2023-28830
TITLE
Use of Freed Memory Vulnerability in Multiple Siemens Products
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. JT2Go , Teamcenter Visualization , solid edge se2022 A number of Siemens products, including Freed Memory Usage Vulnerability, exist in several Siemens products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_8 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2023 | scope: | eq | version: | update_0002 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_2 | Trust: 1.0 |
| vendor: | siemens | model: | jt2go | scope: | lt | version: | 14.2.0.5 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_12 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_5 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_10 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 14.2.0.5 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 14.2 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2023 | scope: | eq | version: | update_0003 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 14.1.0.11 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_7 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 13.2.0 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 14.1 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 13.3.0.11 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_4 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_11 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_3 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_9 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2023 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 13.2.0.15 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 13.3.0 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | maintenance_pack_1 | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2022 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | siemens | model: | solid edge se2023 | scope: | eq | version: | update_0001 | Trust: 1.0 |
| vendor: | シーメンス | model: | jt2go | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | solid edge se2022 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | solid edge se2023 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | teamcenter visualization | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.0 |
| problemtype: | Use of freed memory (CWE-416) [NVD evaluation ] | Trust: 0.8 |
CONFIGURATIONS
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-28830 | Trust: 2.7 |
| db: | SIEMENS | id: | SSA-131450 | Trust: 1.9 |
| db: | JVN | id: | JVNVU90056839 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-23-222-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2023-021527 | Trust: 0.8 |
| db: | VULMON | id: | CVE-2023-28830 | Trust: 0.1 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf | Trust: 1.9 |
| url: | https://jvn.jp/vu/jvnvu90056839/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-28830 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-01 | Trust: 0.8 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULMON | id: | CVE-2023-28830 |
| db: | JVNDB | id: | JVNDB-2023-021527 |
| db: | NVD | id: | CVE-2023-28830 |
LAST UPDATE DATE
2024-01-20T20:31:43.959000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-28830 | date: | 2023-08-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-021527 | date: | 2024-01-19T06:45:00 |
| db: | NVD | id: | CVE-2023-28830 | date: | 2023-08-15T16:54:21.120 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-28830 | date: | 2023-08-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-021527 | date: | 2024-01-19T00:00:00 |
| db: | NVD | id: | CVE-2023-28830 | date: | 2023-08-08T10:15:14.847 |