CVE-2023-38528

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.

Published: Aug 8, 2023
Updated: Nov 15, 2023
CVE: CVE-2023-38528
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
siemens / parasolid	34.1	34.1.258
siemens / parasolid	35.0	35.0.254
siemens / teamcenter_visualization	14.2	14.2.0.6
siemens / parasolid	35.1	35.1.197
siemens / teamcenter_visualization	14.1	14.1.0.11
siemens / teamcenter_visualization	14.3	14.3.0.3

Vulnerability Database

289,697

CVE-2023-38528