CVE-2023-24555 (GCVE-0-2023-24555)
Vulnerability from cvelistv5 – Published: 2023-02-14 10:36 – Updated: 2024-08-02 11:03
CWE-125 - Out-of-bounds Read
| Vendor | Product | Version |
|---|---|---|
| Siemens | Solid Edge SE2022 | Affected: All versions < V222.0MP12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:19.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V222.0MP12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2023",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V223.0Update2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T09:31:22.404Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-24555",
"datePublished": "2023-02-14T10:36:32.550Z",
"dateReserved": "2023-01-26T14:06:35.400Z",
"dateUpdated": "2024-08-02T11:03:19.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-9H73-4H32-23WP
Vulnerability from github – Published: 2023-02-14 12:30 – Updated: 2023-02-22 18:30
A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2023-24555"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-14T11:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V2210Update12), Solid Edge SE2023 (All versions \u003c V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.",
"id": "GHSA-9h73-4h32-23wp",
"modified": "2023-02-22T18:30:34Z",
"published": "2023-02-14T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24555"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2023-AVI-0121
Vulnerability from certfr_avis - Published: 2023-02-14 - Updated: 2023-02-14
Multiple vulnerabilities have been fixed in Siemens products. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Siemens | N/A | JT Utilities versions prior to V13.2.3.0 |
| Siemens | N/A | Parasolid V35.0 versions prior to V35.0.170 |
| Siemens | N/A | TIA Project-Server versions prior to V1.1 |
| Siemens | N/A | COMOS V10.3.3.4 versions prior to V10.3.3.4.6 |
| Siemens | N/A | SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions prior to V5.5.0 |
| Siemens | N/A | Parasolid V34.1 versions prior to V34.1.242 |
| Siemens | N/A | TIA Multiuser Server V16 all versions |
| Siemens | N/A | COMOS V10.2 all versions |
| Siemens | N/A | Simcenter Femap versions prior to V2023.1 |
| Siemens | N/A | Applications using Mendix versions 9 (V9.12) prior to V9.12.10 |
| Siemens | N/A | Parasolid V35.1 versions prior to V35.1.150 |
| Siemens | N/A | COMOS V10.3.3.3 versions prior to V10.3.3.3.9 |
| Siemens | N/A | SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions prior to V5.5.0 |
| Siemens | N/A | Brownfield Connectivity - Client versions prior to V2.15 |
| Siemens | N/A | COMOS V10.4.2.0 versions prior to V10.4.2.0.25 |
| Siemens | N/A | TIA Multiuser Server V14 all versions |
| Siemens | N/A | COMOS V10.3.3.1 versions prior to V10.3.3.1.45 |
| Siemens | N/A | Parasolid V34.0 versions prior to V34.0.254 |
| Siemens | N/A | SiPass integrated AC5102 (ACC-G2) versions prior to V2.85.44 |
| Siemens | N/A | Solid Edge SE2023 versions prior to V2023Update2 |
| Siemens | N/A | SiPass integrated ACC-AP versions prior to V2.85.43 |
| Siemens | N/A | SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions prior to V5.5.0 |
| Siemens | N/A | COMOS V10.4.0.0 versions prior to V10.4.0.0.31 |
| Siemens | N/A | Applications using Mendix versions 7 prior to V7.23.34 |
| Siemens | N/A | Applications using Mendix versions 9 (V9.18) prior to V9.18.4 |
| Siemens | N/A | SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions prior to V5.5.0 |
| Siemens | N/A | SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions prior to V5.5.0 |
| Siemens | N/A | SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions prior to V5.5.0 |
| Siemens | N/A | SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions prior to V5.5.0 |
| Siemens | N/A | TIA Multiuser Server V15 versions prior to V15.1 Update 8 |
| Siemens | N/A | SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions prior to V5.5.0 |
| Siemens | N/A | SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions prior to V5.5.0 |
| Siemens | N/A | Applications using Mendix versions 8 prior to V8.18.23 |
| Siemens | N/A | SIMATIC Field PG, SIMATIC IPC and SIMATIC ITP product family, all versions |
| Siemens | N/A | SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions prior to V5.5.0 |
| Siemens | N/A | Brownfield Connectivity - Gateway versions prior to V1.11 |
| Siemens | N/A | SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions prior to V5.5.0 |
| Siemens | N/A | TIA Multiuser Server V17 all versions |
| Siemens | N/A | RUGGEDCOM APE1808 product family, all versions |
| Siemens | N/A | SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions prior to V5.5.0 |
| Siemens | N/A | Applications using Mendix versions 9 (V9.6) prior to V9.6.15 |
| Siemens | N/A | COMOS V10.4.1.0 versions prior to V10.4.1.0.32 |
| Siemens | N/A | SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions prior to V5.5.0 |
| Siemens | N/A | COMOS V10.3.3.2 versions prior to V10.3.3.2.33 |
| Siemens | N/A | Tecnomatix Plant Simulation versions prior to V2201.0006 |
| Siemens | N/A | JT Open versions prior to V11.2.3.0 |
| Siemens | N/A | Applications using Mendix versions 9 prior to V9.22.0 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.170",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Project-Server versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.4 versions ant\u00e9rieures \u00e0 V10.3.3.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V34.1 versions ant\u00e9rieures \u00e0 V34.1.242",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V16 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.2 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.12) ant\u00e9rieures \u00e0 V9.12.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.150",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.3 versions ant\u00e9rieures \u00e0 V10.3.3.3.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Brownfield Connectivity - Client versions ant\u00e9rieures \u00e0 V2.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.2.0 versions ant\u00e9rieures \u00e0 V10.4.2.0.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V14 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.1 versions ant\u00e9rieures \u00e0 V10.3.3.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V34.0 versions ant\u00e9rieures \u00e0 V34.0.254",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated AC5102 (ACC-G2) versions ant\u00e9rieures \u00e0 V2.85.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 V2023Update2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated ACC-AP versions ant\u00e9rieures \u00e0 V2.85.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.0.0 versions ant\u00e9rieures \u00e0 V10.4.0.0.31",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 7 ant\u00e9rieures \u00e0 V7.23.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.18) ant\u00e9rieures \u00e0 V9.18.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V15 versions ant\u00e9rieures \u00e0 V15.1 Update 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 8 ant\u00e9rieures \u00e0 V8.18.23",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Brownfield Connectivity - Gateway versions ant\u00e9rieures \u00e0 V1.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V17 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Famille de produits RUGGEDCOM APE1808 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.6) ant\u00e9rieures \u00e0 V9.6.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.1.0 versions ant\u00e9rieures \u00e0 V10.4.1.0.32",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.2 versions ant\u00e9rieures \u00e0 V10.3.3.2.33",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation versions ant\u00e9rieures \u00e0 V2201.0006",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 ant\u00e9rieures \u00e0 V9.22.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24556"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-24990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24990"
},
{
"name": "CVE-2022-39157",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39157"
},
{
"name": "CVE-2022-46345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
},
{
"name": "CVE-2023-22669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22669"
},
{
"name": "CVE-2023-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24549"
},
{
"name": "CVE-2023-24560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24560"
},
{
"name": "CVE-2022-31808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31808"
},
{
"name": "CVE-2022-46347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-46349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2023-24552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24552"
},
{
"name": "CVE-2021-43391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43391"
},
{
"name": "CVE-2023-24980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24980"
},
{
"name": "CVE-2021-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
},
{
"name": "CVE-2022-33984",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33984"
},
{
"name": "CVE-2023-24551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24551"
},
{
"name": "CVE-2022-46346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
},
{
"name": "CVE-2023-24992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24992"
},
{
"name": "CVE-2022-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2022-33906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33906"
},
{
"name": "CVE-2023-24562",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24562"
},
{
"name": "CVE-2023-24482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24482"
},
{
"name": "CVE-2023-24994",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24994"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2022-43397",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43397"
},
{
"name": "CVE-2023-24561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24561"
},
{
"name": "CVE-2023-24995",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24995"
},
{
"name": "CVE-2022-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30774"
},
{
"name": "CVE-2023-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24553"
},
{
"name": "CVE-2023-24984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24984"
},
{
"name": "CVE-2021-32938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
},
{
"name": "CVE-2023-24993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24993"
},
{
"name": "CVE-2023-24558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24558"
},
{
"name": "CVE-2022-46348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
},
{
"name": "CVE-2023-22295",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22295"
},
{
"name": "CVE-2021-32948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
},
{
"name": "CVE-2022-33982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33982"
},
{
"name": "CVE-2023-22846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22846"
},
{
"name": "CVE-2023-24983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24983"
},
{
"name": "CVE-2022-47936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47936"
},
{
"name": "CVE-2022-47977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47977"
},
{
"name": "CVE-2023-24550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24550"
},
{
"name": "CVE-2023-24565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24565"
},
{
"name": "CVE-2023-25140",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25140"
},
{
"name": "CVE-2023-24988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24988"
},
{
"name": "CVE-2022-35868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35868"
},
{
"name": "CVE-2023-24554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24554"
},
{
"name": "CVE-2022-33907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33907"
},
{
"name": "CVE-2021-43336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
},
{
"name": "CVE-2023-24581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24581"
},
{
"name": "CVE-2023-22321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22321"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24557"
},
{
"name": "CVE-2023-24566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24566"
},
{
"name": "CVE-2023-24978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24978"
},
{
"name": "CVE-2023-24555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24555"
},
{
"name": "CVE-2023-24979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24979"
},
{
"name": "CVE-2023-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22354"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2023-24987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24987"
},
{
"name": "CVE-2023-24986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24986"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-23579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23579"
},
{
"name": "CVE-2023-24564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24564"
},
{
"name": "CVE-2023-24982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24982"
},
{
"name": "CVE-2023-24996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24996"
},
{
"name": "CVE-2022-31243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31243"
},
{
"name": "CVE-2023-24563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24563"
},
{
"name": "CVE-2023-24985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24985"
},
{
"name": "CVE-2023-24991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24991"
},
{
"name": "CVE-2023-24981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24981"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-33908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33908"
},
{
"name": "CVE-2023-23835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23835"
},
{
"name": "CVE-2023-24559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24559"
},
{
"name": "CVE-2023-24989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24989"
},
{
"name": "CVE-2023-22670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22670"
}
],
"initial_release_date": "2023-02-14T00:00:00",
"last_revision_date": "2023-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf"
}
],
"reference": "CERTFR-2023-AVI-0121",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-847261 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-693110 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-953464 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-744259 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-617755 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-658793 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-450613 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-491245 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-686975 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-836777 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-565356 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-252808 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-640968 du 14 f\u00e9vrier 2023",
"url": null
}
]
}
GSD-2023-24555
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2023-24555",
"id": "GSD-2023-24555"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-24555"
],
"details": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.",
"id": "GSD-2023-24555",
"modified": "2023-12-13T01:20:57.622395Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2023-24555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2022",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V222.0MP12"
}
]
}
},
{
"product_name": "Solid Edge SE2023",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V223.0Update2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-125",
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22C0D3BE-0640-49C8-86F1-52966CABA2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE12CBDF-222E-4DE9-927A-3BDDBFFF1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFAAAE5-52B1-48EA-98E1-98A854CBE65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5AFCFBB-ED56-4DDB-89D8-B47A20821AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_4:*:*:*:*:*:*:*",
"matchCriteriaId": "087A9E78-9E5C-4D94-A251-02F9AB160F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_5:*:*:*:*:*:*:*",
"matchCriteriaId": "68EE0588-FE7F-4581-9484-52404DB5B99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F72318F-0E9C-4AB1-9CA2-6527513AE0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_8:*:*:*:*:*:*:*",
"matchCriteriaId": "63C93992-17F7-4499-BC57-BD67E8A6C508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_9:*:*:*:*:*:*:*",
"matchCriteriaId": "7180CEA7-150A-4B1D-BDFD-61C320A33148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0244EE5-BF22-491A-A7DE-48F44E2A17FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A583AAD-5B13-4822-AA24-AA7D16305FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C855788-002F-41E5-BC01-8597E66EDE1C",
"versionEndExcluding": "2210.0002.004",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
],
"id": "CVE-2023-24555",
"lastModified": "2024-02-13T18:02:07.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-02-14T11:15:15.393",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
}
}
}
CNVD-2023-09643
Vulnerability from cnvd - Published: 2023-02-16
Users can refer to the following vendor-provided security advisory for patch information: https://cert-portal.siemens.com/productcert/html/ssa-491245.html
| Name | ['Siemens Solid Edge SE2023 < V2023Update2', 'Siemens Solid Edge SE2022 < V2210Update12'] |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-24555"
}
},
"description": "Siemens Solid Edge\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e09\u7ef4CAD\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7528\u4e8e\u96f6\u4ef6\u8bbe\u8ba1\u3001\u88c5\u914d\u8bbe\u8ba1\u3001\u94a3\u91d1\u8bbe\u8ba1\u3001\u710a\u63a5\u8bbe\u8ba1\u7b49\u884c\u4e1a\u3002\n\nSiemens Solid Edge\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-491245.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-09643",
"openTime": "2023-02-16",
"patchDescription": "Siemens Solid Edge\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e09\u7ef4CAD\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7528\u4e8e\u96f6\u4ef6\u8bbe\u8ba1\u3001\u88c5\u914d\u8bbe\u8ba1\u3001\u94a3\u91d1\u8bbe\u8ba1\u3001\u710a\u63a5\u8bbe\u8ba1\u7b49\u884c\u4e1a\u3002\r\n\r\nSiemens Solid Edge\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Solid Edge\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2023-09643\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Solid Edge SE2023 \u003c V2023Update2",
"Siemens Solid Edge SE2022 \u003c V2210Update12"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-491245.html",
"serverity": "\u9ad8",
"submitTime": "2023-02-14",
"title": "Siemens Solid Edge\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2023-09643\uff09"
}
FKIE_CVE-2023-24555
Vulnerability from fkie_nvd - Published: 2023-02-14 11:15 - Updated: 2024-11-21 07:48
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | solid_edge_se2022 | - | |
| siemens | solid_edge_se2022 | maintenance_pack_1 | |
| siemens | solid_edge_se2022 | maintenance_pack_2 | |
| siemens | solid_edge_se2022 | maintenance_pack_3 | |
| siemens | solid_edge_se2022 | maintenance_pack_4 | |
| siemens | solid_edge_se2022 | maintenance_pack_5 | |
| siemens | solid_edge_se2022 | maintenance_pack_7 | |
| siemens | solid_edge_se2022 | maintenance_pack_8 | |
| siemens | solid_edge_se2022 | maintenance_pack_9 | |
| siemens | solid_edge_se2022 | maintenance_pack_10 | |
| siemens | solid_edge_se2022 | maintenance_pack_11 | |
| siemens | solid_edge_se2023 | * | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22C0D3BE-0640-49C8-86F1-52966CABA2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE12CBDF-222E-4DE9-927A-3BDDBFFF1E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFAAAE5-52B1-48EA-98E1-98A854CBE65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5AFCFBB-ED56-4DDB-89D8-B47A20821AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_4:*:*:*:*:*:*:*",
"matchCriteriaId": "087A9E78-9E5C-4D94-A251-02F9AB160F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_5:*:*:*:*:*:*:*",
"matchCriteriaId": "68EE0588-FE7F-4581-9484-52404DB5B99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_7:*:*:*:*:*:*:*",
"matchCriteriaId": "9F72318F-0E9C-4AB1-9CA2-6527513AE0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_8:*:*:*:*:*:*:*",
"matchCriteriaId": "63C93992-17F7-4499-BC57-BD67E8A6C508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_9:*:*:*:*:*:*:*",
"matchCriteriaId": "7180CEA7-150A-4B1D-BDFD-61C320A33148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0244EE5-BF22-491A-A7DE-48F44E2A17FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A583AAD-5B13-4822-AA24-AA7D16305FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_se2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C855788-002F-41E5-BC01-8597E66EDE1C",
"versionEndExcluding": "2210.0002.004",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Solid Edge SE2022 (Todas las versiones \u0026lt; V222.0MP12), Solid Edge SE2023 (Todas las versiones \u0026lt; V223.0Update2). Las aplicaciones afectadas contienen una lectura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos PAR especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual."
}
],
"id": "CVE-2023-24555",
"lastModified": "2024-11-21T07:48:07.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-02-14T11:15:15.393",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.