CVE-2023-39185

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Published: Aug 8, 2023
Updated: Aug 11, 2023
CVE: CVE-2023-39185
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
siemens / solid_edge	-	se2023
siemens / solid_edge	se2023	se2023.x
siemens / solid_edge	se2023-maintenance_pack6	se2023-maintenance_pack6.x
siemens / solid_edge	se2023-maintenance_pack5	se2023-maintenance_pack5.x
siemens / solid_edge	se2023-maintenance_pack4	se2023-maintenance_pack4.x
siemens / solid_edge	se2023-maintenance_pack3	se2023-maintenance_pack3.x
siemens / solid_edge	se2023-maintenance_pack2	se2023-maintenance_pack2.x
siemens / solid_edge	se2023-maintenance_pack1	se2023-maintenance_pack1.x

https://cert-portal.siemens.com/productcert/pdf/ssa-811403.pdf

Vulnerability Database

289,784

CVE-2023-39185