ID
VAR-202308-0237
CVE
CVE-2023-38526
TITLE
Siemens' parasolid and Teamcenter Visualization Out-of-bounds read vulnerability in
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. Siemens' parasolid and Teamcenter Visualization Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 14.2.0.6 | Trust: 1.0 |
| vendor: | siemens | model: | parasolid | scope: | lt | version: | 34.1.258 | Trust: 1.0 |
| vendor: | siemens | model: | parasolid | scope: | lt | version: | 35.0.254 | Trust: 1.0 |
| vendor: | siemens | model: | parasolid | scope: | lt | version: | 35.1.171 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 14.2 | Trust: 1.0 |
| vendor: | siemens | model: | parasolid | scope: | gte | version: | 34.1 | Trust: 1.0 |
| vendor: | siemens | model: | parasolid | scope: | gte | version: | 35.0 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 14.3 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | gte | version: | 14.1 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 14.3.0.3 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter visualization | scope: | lt | version: | 14.1.0.11 | Trust: 1.0 |
| vendor: | siemens | model: | parasolid | scope: | gte | version: | 35.1 | Trust: 1.0 |
| vendor: | シーメンス | model: | parasolid | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | teamcenter visualization | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-125 | Trust: 1.0 |
| problemtype: | Out-of-bounds read (CWE-125) [NVD evaluation ] | Trust: 0.8 |
CONFIGURATIONS
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-38526 | Trust: 2.6 |
| db: | SIEMENS | id: | SSA-407785 | Trust: 1.8 |
| db: | ICS CERT | id: | ICSA-23-222-06 | Trust: 0.8 |
| db: | JVN | id: | JVNVU90056839 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2023-021523 | Trust: 0.8 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf | Trust: 1.8 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-407785.html | Trust: 1.0 |
| url: | https://jvn.jp/vu/jvnvu90056839/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-38526 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-06 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2023-021523 |
| db: | NVD | id: | CVE-2023-38526 |
LAST UPDATE DATE
2024-06-11T20:04:39.157000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2023-021523 | date: | 2024-01-19T06:44:00 |
| db: | NVD | id: | CVE-2023-38526 | date: | 2024-06-11T12:15:11.213 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2023-021523 | date: | 2024-01-19T00:00:00 |
| db: | NVD | id: | CVE-2023-38526 | date: | 2023-08-08T10:15:15.817 |