Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-46348 (GCVE-0-2022-46348)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-04-21 13:42
VLAI?
EPSS
Summary
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Parasolid V33.1 |
Affected:
All versions < V33.1.264
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:21:16.601521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:42:35.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Parasolid V33.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V33.1.264"
}
]
},
{
"defaultStatus": "unknown",
"product": "Parasolid V34.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V34.0.252"
}
]
},
{
"defaultStatus": "unknown",
"product": "Parasolid V34.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V34.1.242"
}
]
},
{
"defaultStatus": "unknown",
"product": "Parasolid V35.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V35.0.170"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V222.0MP12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2023",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V223.0Update2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T09:31:13.727Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-46348",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-30T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:42:35.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:31:46.340Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-46348\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-18T15:21:16.601521Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-18T15:21:18.115Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Parasolid V33.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V33.1.264\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Parasolid V34.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V34.0.252\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Parasolid V34.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V34.1.242\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Parasolid V35.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V35.0.170\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Solid Edge SE2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V222.0MP12\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Solid Edge SE2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Solid Edge SE2023\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions \u003c V223.0Update2\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2023-03-14T09:31:13.727Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-46348\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-21T13:42:35.733Z\", \"dateReserved\": \"2022-11-30T00:00:00.000Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2022-12-13T00:00:00.000Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0121
Vulnerability from certfr_avis - Published: 2023-02-14 - Updated: 2023-02-14
De multiples vulnérabilités ont été corrigées dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | JT Utilities versions antérieures à V13.2.3.0 | ||
| Siemens | N/A | Parasolid V35.0 versions antérieures à V35.0.170 | ||
| Siemens | N/A | TIA Project-Server versions antérieures à V1.1 | ||
| Siemens | N/A | COMOS V10.3.3.4 versions antérieures à V10.3.3.4.6 | ||
| Siemens | N/A | SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Parasolid V34.1 versions antérieures à V34.1.242 | ||
| Siemens | N/A | TIA Multiuser Server V16 toutes les versions | ||
| Siemens | N/A | COMOS V10.2 toutes les versions | ||
| Siemens | N/A | Simcenter Femap versions antérieures à V2023.1 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 (V9.12) antérieures à V9.12.10 | ||
| Siemens | N/A | Parasolid V35.1 versions antérieures à V35.1.150 | ||
| Siemens | N/A | COMOS V10.3.3.3 versions antérieures à V10.3.3.3.9 | ||
| Siemens | N/A | SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Brownfield Connectivity - Client versions antérieures à V2.15 | ||
| Siemens | N/A | COMOS V10.4.2.0 versions antérieures à V10.4.2.0.25 | ||
| Siemens | N/A | TIA Multiuser Server V14 toutes les versions | ||
| Siemens | N/A | COMOS V10.3.3.1 versions antérieures à V10.3.3.1.45 | ||
| Siemens | N/A | Parasolid V34.0 versions antérieures à V34.0.254 | ||
| Siemens | N/A | SiPass integrated AC5102 (ACC-G2) versions antérieures à V2.85.44 | ||
| Siemens | N/A | Solid Edge SE2023 versions antérieures à V2023Update2 | ||
| Siemens | N/A | SiPass integrated ACC-AP versions antérieures à V2.85.43 | ||
| Siemens | N/A | SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | COMOS V10.4.0.0 versions antérieures à V10.4.0.0.31 | ||
| Siemens | N/A | Applications utilisant Mendix versions 7 antérieures à V7.23.34 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 (V9.18) antérieures à V9.18.4 | ||
| Siemens | N/A | SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | TIA Multiuser Server V15 versions antérieures à V15.1 Update 8 | ||
| Siemens | N/A | SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions antérieures à V5.5.0 | ||
| Siemens | N/A | SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Applications utilisant Mendix versions 8 antérieures à V8.18.23 | ||
| Siemens | N/A | Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions | ||
| Siemens | N/A | SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Brownfield Connectivity - Gateway versions antérieures à V1.11 | ||
| Siemens | N/A | SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | TIA Multiuser Server V17 toutes les versions | ||
| Siemens | N/A | Famille de produits RUGGEDCOM APE1808 toutes les versions | ||
| Siemens | N/A | SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions antérieures à V5.5.0 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 (V9.6) antérieures à V9.6.15 | ||
| Siemens | N/A | COMOS V10.4.1.0 versions antérieures à V10.4.1.0.32 | ||
| Siemens | N/A | SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions antérieures à V5.5.0 | ||
| Siemens | N/A | COMOS V10.3.3.2 versions antérieures à V10.3.3.2.33 | ||
| Siemens | N/A | Tecnomatix Plant Simulation versions antérieures à V2201.0006 | ||
| Siemens | N/A | JT Open versions antérieures à V11.2.3.0 | ||
| Siemens | N/A | Applications utilisant Mendix versions 9 antérieures à V9.22.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.170",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Project-Server versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.4 versions ant\u00e9rieures \u00e0 V10.3.3.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V34.1 versions ant\u00e9rieures \u00e0 V34.1.242",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V16 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.2 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.12) ant\u00e9rieures \u00e0 V9.12.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.150",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.3 versions ant\u00e9rieures \u00e0 V10.3.3.3.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Brownfield Connectivity - Client versions ant\u00e9rieures \u00e0 V2.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.2.0 versions ant\u00e9rieures \u00e0 V10.4.2.0.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V14 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.1 versions ant\u00e9rieures \u00e0 V10.3.3.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V34.0 versions ant\u00e9rieures \u00e0 V34.0.254",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated AC5102 (ACC-G2) versions ant\u00e9rieures \u00e0 V2.85.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 V2023Update2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated ACC-AP versions ant\u00e9rieures \u00e0 V2.85.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.0.0 versions ant\u00e9rieures \u00e0 V10.4.0.0.31",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 7 ant\u00e9rieures \u00e0 V7.23.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.18) ant\u00e9rieures \u00e0 V9.18.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V15 versions ant\u00e9rieures \u00e0 V15.1 Update 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 8 ant\u00e9rieures \u00e0 V8.18.23",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Brownfield Connectivity - Gateway versions ant\u00e9rieures \u00e0 V1.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Multiuser Server V17 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Famille de produits RUGGEDCOM APE1808 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 (V9.6) ant\u00e9rieures \u00e0 V9.6.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.4.1.0 versions ant\u00e9rieures \u00e0 V10.4.1.0.32",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS V10.3.3.2 versions ant\u00e9rieures \u00e0 V10.3.3.2.33",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation versions ant\u00e9rieures \u00e0 V2201.0006",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Applications utilisant Mendix versions 9 ant\u00e9rieures \u00e0 V9.22.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24556"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-24990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24990"
},
{
"name": "CVE-2022-39157",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39157"
},
{
"name": "CVE-2022-46345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
},
{
"name": "CVE-2023-22669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22669"
},
{
"name": "CVE-2023-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24549"
},
{
"name": "CVE-2023-24560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24560"
},
{
"name": "CVE-2022-31808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31808"
},
{
"name": "CVE-2022-46347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
},
{
"name": "CVE-2022-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
},
{
"name": "CVE-2022-46349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2023-24552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24552"
},
{
"name": "CVE-2021-43391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43391"
},
{
"name": "CVE-2023-24980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24980"
},
{
"name": "CVE-2021-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
},
{
"name": "CVE-2022-33984",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33984"
},
{
"name": "CVE-2023-24551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24551"
},
{
"name": "CVE-2022-46346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
},
{
"name": "CVE-2023-24992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24992"
},
{
"name": "CVE-2022-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2022-33906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33906"
},
{
"name": "CVE-2023-24562",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24562"
},
{
"name": "CVE-2023-24482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24482"
},
{
"name": "CVE-2023-24994",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24994"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2022-43397",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43397"
},
{
"name": "CVE-2023-24561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24561"
},
{
"name": "CVE-2023-24995",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24995"
},
{
"name": "CVE-2022-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30774"
},
{
"name": "CVE-2023-24553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24553"
},
{
"name": "CVE-2023-24984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24984"
},
{
"name": "CVE-2021-32938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
},
{
"name": "CVE-2023-24993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24993"
},
{
"name": "CVE-2023-24558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24558"
},
{
"name": "CVE-2022-46348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
},
{
"name": "CVE-2023-22295",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22295"
},
{
"name": "CVE-2021-32948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
},
{
"name": "CVE-2022-33982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33982"
},
{
"name": "CVE-2023-22846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22846"
},
{
"name": "CVE-2023-24983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24983"
},
{
"name": "CVE-2022-47936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47936"
},
{
"name": "CVE-2022-47977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47977"
},
{
"name": "CVE-2023-24550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24550"
},
{
"name": "CVE-2023-24565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24565"
},
{
"name": "CVE-2023-25140",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25140"
},
{
"name": "CVE-2023-24988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24988"
},
{
"name": "CVE-2022-35868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35868"
},
{
"name": "CVE-2023-24554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24554"
},
{
"name": "CVE-2022-33907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33907"
},
{
"name": "CVE-2021-43336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
},
{
"name": "CVE-2023-24581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24581"
},
{
"name": "CVE-2023-22321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22321"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2023-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24557"
},
{
"name": "CVE-2023-24566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24566"
},
{
"name": "CVE-2023-24978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24978"
},
{
"name": "CVE-2023-24555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24555"
},
{
"name": "CVE-2023-24979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24979"
},
{
"name": "CVE-2023-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22354"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2023-24987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24987"
},
{
"name": "CVE-2023-24986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24986"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2023-23579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23579"
},
{
"name": "CVE-2023-24564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24564"
},
{
"name": "CVE-2023-24982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24982"
},
{
"name": "CVE-2023-24996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24996"
},
{
"name": "CVE-2022-31243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31243"
},
{
"name": "CVE-2023-24563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24563"
},
{
"name": "CVE-2023-24985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24985"
},
{
"name": "CVE-2023-24991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24991"
},
{
"name": "CVE-2023-24981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24981"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-33908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33908"
},
{
"name": "CVE-2023-23835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23835"
},
{
"name": "CVE-2023-24559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24559"
},
{
"name": "CVE-2023-24989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24989"
},
{
"name": "CVE-2023-22670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22670"
}
],
"initial_release_date": "2023-02-14T00:00:00",
"last_revision_date": "2023-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf"
}
],
"reference": "CERTFR-2023-AVI-0121",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-847261 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-693110 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-953464 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-744259 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-617755 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-658793 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-450613 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-491245 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-686975 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-836777 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-565356 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-252808 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-640968 du 14 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2022-AVI-1094
Vulnerability from certfr_avis - Published: 2022-12-13 - Updated: 2022-12-13
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1 | ||
| Siemens | N/A | SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html | ||
| Siemens | N/A | Teamcenter Visualization V13.2.x antérieures à V13.2.0.12 | ||
| Siemens | N/A | TALON TC Series (BACnet) versions antérieures à V3.5.5 | ||
| Siemens | N/A | SICAM PAS/PQS versions 8.x antérieures à 8.06 | ||
| Siemens | N/A | Parasolid versions V35.0.x antérieures à V35.0.170 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5 | ||
| Siemens | N/A | PLM Help Server V4.2 toutes versions | ||
| Siemens | N/A | SICAM PAS/PQS versions antérieures à 7.0 | ||
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | SINUMERIK Operate versions antérieures à V6.14 | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | Polarion ALM toutes versions | ||
| Siemens | N/A | APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4 | ||
| Siemens | N/A | Mendix Email Connector versions antérieures à 2.0.0 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2 | ||
| Siemens | N/A | JT2Go toutes versions | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14 | ||
| Siemens | N/A | APOGEE PXC Series (BACnet) versions antérieures à V3.5.5 | ||
| Siemens | N/A | SCALANCE X-200RNA toutes versions | ||
| Siemens | N/A | SINAMICS STARTER versions antérieures à V5.4 HF2 | ||
| Siemens | N/A | Simcenter STAR-CCM+ toutes versions | ||
| Siemens | N/A | SIMATIC Automation Tool versions antérieures à V4 SP2 | ||
| Siemens | N/A | SIMATIC PCS neo versions antérieures à V3.0 SP1 | ||
| Siemens | N/A | Parasolid versions V33.1.x antérieures à V33.1.264 | ||
| Siemens | N/A | SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V1.0 SP2 | ||
| Siemens | N/A | Parasolid versions V34.1.x antérieures à V34.1.242 | ||
| Siemens | N/A | SIMATIC Drive Controller family versions antérieures à V3.0.1 | ||
| Siemens | N/A | Teamcenter Visualization V13.3.x | ||
| Siemens | N/A | Parasolid versions V34.0.x antérieures à V34.0.252 | ||
| Siemens | N/A | SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html | ||
| Siemens | N/A | Teamcenter Visualization V14.1.x antérieures à V14.1.0.6 | ||
| Siemens | N/A | Mcenter versions supérieures ou égales à V5.2.1.0 | ||
| Siemens | N/A | SINEMA Server versions antérieures à V14 SP3 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.15.x | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13 | ||
| Siemens | N/A | RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html | ||
| Siemens | N/A | SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5 | ||
| Siemens | N/A | Teamcenter Visualization V14.0.x | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4 | ||
| Siemens | N/A | SIMATIC NET PC Software V16 versions antérieures à V16 Upd3 | ||
| Siemens | N/A | SIMATIC ProSave versions antérieures à V17 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à V21.8 | ||
| Siemens | N/A | Mendix Workflow Commons versions antérieures à 2.4.0 | ||
| Siemens | N/A | SINAMICS Startdrive versions antérieures à V16 Update 3 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller toutes versions | ||
| Siemens | N/A | SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018 | ||
| Siemens | N/A | Calibre ICE versions supérieures ou égales à V2022.4 | ||
| Siemens | N/A | SINUMERIK ONE virtual versions antérieures à V6.14 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PLM Help Server V4.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200RNA toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter STAR-CCM+ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.15.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-46345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
},
{
"name": "CVE-2020-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
},
{
"name": "CVE-2015-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2021-40365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
},
{
"name": "CVE-2022-41279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
},
{
"name": "CVE-2022-46353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2019-6110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
},
{
"name": "CVE-2022-46352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2022-46347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
},
{
"name": "CVE-2022-46349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
},
{
"name": "CVE-2015-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
},
{
"name": "CVE-2015-6563",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2022-46351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
},
{
"name": "CVE-2015-6564",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2003-1562",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
},
{
"name": "CVE-2022-41280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2019-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
},
{
"name": "CVE-2022-46346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
},
{
"name": "CVE-2022-41283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
},
{
"name": "CVE-2022-46144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
},
{
"name": "CVE-2016-6302",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
},
{
"name": "CVE-2022-45044",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
},
{
"name": "CVE-2018-4842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
},
{
"name": "CVE-2022-44731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
},
{
"name": "CVE-2022-46355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"name": "CVE-2022-41288",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
},
{
"name": "CVE-2019-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
},
{
"name": "CVE-2016-1907",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
},
{
"name": "CVE-2016-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
},
{
"name": "CVE-2022-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
},
{
"name": "CVE-2016-10011",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
},
{
"name": "CVE-2015-6565",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
},
{
"name": "CVE-2022-3160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
},
{
"name": "CVE-2016-6307",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
},
{
"name": "CVE-2016-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2022-41282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
},
{
"name": "CVE-2015-3194",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2022-46350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
},
{
"name": "CVE-2022-46142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
},
{
"name": "CVE-2015-0290",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2022-46348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
},
{
"name": "CVE-2022-46140",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
},
{
"name": "CVE-2016-1908",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2019-16905",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2016-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
},
{
"name": "CVE-2019-6111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
},
{
"name": "CVE-2016-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
},
{
"name": "CVE-2016-6515",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
},
{
"name": "CVE-2015-3197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
},
{
"name": "CVE-2022-41281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2015-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2020-7580",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
},
{
"name": "CVE-2015-0285",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
},
{
"name": "CVE-2016-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
},
{
"name": "CVE-2015-1794",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
},
{
"name": "CVE-2022-34821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
},
{
"name": "CVE-2016-6308",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
},
{
"name": "CVE-2021-44694",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
},
{
"name": "CVE-2016-6306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
},
{
"name": "CVE-2017-15906",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
},
{
"name": "CVE-2021-44695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
},
{
"name": "CVE-2022-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
},
{
"name": "CVE-2016-10010",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
},
{
"name": "CVE-2022-45936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
},
{
"name": "CVE-2022-46265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2016-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2014-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2015-3193",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
},
{
"name": "CVE-2022-43723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
},
{
"name": "CVE-2018-15473",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
},
{
"name": "CVE-2015-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
},
{
"name": "CVE-2022-45484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2003-0190",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
},
{
"name": "CVE-2018-20685",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
},
{
"name": "CVE-2016-6305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
},
{
"name": "CVE-2015-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
},
{
"name": "CVE-2016-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
},
{
"name": "CVE-2022-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
},
{
"name": "CVE-2022-41286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
},
{
"name": "CVE-2016-10012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
},
{
"name": "CVE-2022-41278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2015-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
},
{
"name": "CVE-2022-41287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
},
{
"name": "CVE-2022-45937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
},
{
"name": "CVE-2022-46354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
},
{
"name": "CVE-2022-43724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
},
{
"name": "CVE-2022-43722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
},
{
"name": "CVE-2016-6210",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
},
{
"name": "CVE-2015-3196",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
},
{
"name": "CVE-2015-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
},
{
"name": "CVE-2022-41284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
},
{
"name": "CVE-2016-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
},
{
"name": "CVE-2015-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
},
{
"name": "CVE-2016-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
},
{
"name": "CVE-2021-44693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2016-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
},
{
"name": "CVE-2016-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
},
{
"name": "CVE-2015-6574",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
},
{
"name": "CVE-2015-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2022-44575",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
},
{
"name": "CVE-2022-41285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
},
{
"name": "CVE-2022-46664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
},
{
"name": "CVE-2022-3159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2018-4848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
}
],
"initial_release_date": "2022-12-13T00:00:00",
"last_revision_date": "2022-12-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1094",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2022-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
}
]
}
GHSA-FHJJ-58HV-2G42
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 21:30
VLAI?
Details
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-46348"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)",
"id": "GHSA-fhjj-58hv-2g42",
"modified": "2022-12-15T21:30:27Z",
"published": "2022-12-13T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46348"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2022-89757
Vulnerability from cnvd - Published: 2022-12-26
VLAI Severity ?
Title
Siemens Parasolid越界写入漏洞(CNVD-2022-89757)
Description
Siemens Parasolid是德国西门子(Siemens)公司的一个几何建模内核。
Siemens Parasolid存在越界写入漏洞,该漏洞是由于受影响的应用程序在解析特制的X_B文件时包含超出分配结构末尾的越界写入。攻击者可利用该漏洞在当前进程的上下文中执行代码。
Severity
高
Patch Name
Siemens Parasolid越界写入漏洞(CNVD-2022-89757)的补丁
Patch Description
Siemens Parasolid是德国西门子(Siemens)公司的一个几何建模内核。
Siemens Parasolid存在越界写入漏洞,该漏洞是由于受影响的应用程序在解析特制的X_B文件时包含超出分配结构末尾的越界写入。攻击者可利用该漏洞在当前进程的上下文中执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-46348
Impacted products
| Name | ['Siemens Parasolid >=34.1,<34.1.242', 'Siemens Parasolid >=34.0,<34.0.252', 'Siemens Parasolid >=33.1,<33.1.264', 'Siemens Parasolid >=35.0,<35.0.170'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-46348",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-46348"
}
},
"description": "Siemens Parasolid\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u51e0\u4f55\u5efa\u6a21\u5185\u6838\u3002\n\nSiemens Parasolid\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5728\u89e3\u6790\u7279\u5236\u7684X_B\u6587\u4ef6\u65f6\u5305\u542b\u8d85\u51fa\u5206\u914d\u7ed3\u6784\u672b\u5c3e\u7684\u8d8a\u754c\u5199\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-89757",
"openTime": "2022-12-26",
"patchDescription": "Siemens Parasolid\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u51e0\u4f55\u5efa\u6a21\u5185\u6838\u3002\r\n\r\nSiemens Parasolid\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5728\u89e3\u6790\u7279\u5236\u7684X_B\u6587\u4ef6\u65f6\u5305\u542b\u8d85\u51fa\u5206\u914d\u7ed3\u6784\u672b\u5c3e\u7684\u8d8a\u754c\u5199\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Parasolid\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2022-89757\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Parasolid \u003e=34.1\uff0c\u003c34.1.242",
"Siemens Parasolid \u003e=34.0\uff0c\u003c34.0.252",
"Siemens Parasolid \u003e=33.1\uff0c\u003c33.1.264",
"Siemens Parasolid \u003e=35.0\uff0c\u003c35.0.170"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-46348",
"serverity": "\u9ad8",
"submitTime": "2022-12-16",
"title": "Siemens Parasolid\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2022-89757\uff09"
}
GSD-2022-46348
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-46348",
"id": "GSD-2022-46348"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-46348"
],
"details": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)",
"id": "GSD-2022-46348",
"modified": "2023-12-13T01:19:37.930284Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-46348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Parasolid V33.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V33.1.264"
}
]
}
},
{
"product_name": "Parasolid V34.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V34.0.252"
}
]
}
},
{
"product_name": "Parasolid V34.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V34.1.242"
}
]
}
},
{
"product_name": "Parasolid V35.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V35.0.170"
}
]
}
},
{
"product_name": "Solid Edge SE2022",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V222.0MP12"
},
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Solid Edge SE2023",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V223.0Update2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-787",
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "34.1.242",
"versionStartIncluding": "34.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "34.0.252",
"versionStartIncluding": "34.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "33.1.264",
"versionStartIncluding": "33.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "35.0.170",
"versionStartIncluding": "35.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-46348"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf",
"refsource": "MISC",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-03-14T10:15Z",
"publishedDate": "2022-12-13T16:15Z"
}
}
}
FKIE_CVE-2022-46348
Vulnerability from fkie_nvd - Published: 2022-12-13 16:15 - Updated: 2024-11-21 07:30
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1405366-A402-4908-858D-E844853BE1DA",
"versionEndExcluding": "33.1.264",
"versionStartIncluding": "33.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D9079D-6138-4602-A982-9BC4ECBC35E7",
"versionEndExcluding": "34.0.252",
"versionStartIncluding": "34.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C486991-A1C0-4815-AAD6-163464D711AA",
"versionEndExcluding": "34.1.242",
"versionStartIncluding": "34.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2114FD-BB07-4C24-98B1-928A510565BB",
"versionEndExcluding": "35.0.170",
"versionStartIncluding": "35.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V33.1 (All versions \u003c V33.1.264), Parasolid V34.0 (All versions \u003c V34.0.252), Parasolid V34.1 (All versions \u003c V34.1.242), Parasolid V35.0 (All versions \u003c V35.0.170), Solid Edge SE2022 (All versions \u003c V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions \u003c V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en:\nParasolid V33.1 (Todas las versiones \u0026lt; V33.1.264), \nParasolid V34.0 (Todas las versiones \u0026lt; V34.0.252), \nParasolid V34.1 (Todas las versiones \u0026lt; V34.1.242), \nParasolid V35 .0 (Todas las versiones \u0026lt; V35.0.170), \nSolid Edge SE2022 (Todas las versiones \u0026lt; V222.0MP12), \nSolid Edge SE2022 (Todas las versiones), \nSolid Edge SE2023 (Todas las versiones \u0026lt; V223.0Update2). \nLas aplicaciones afectadas contienen una escritura fuera de los l\u00edmites m\u00e1s all\u00e1 del final de una estructura asignada mientras analizan archivos X_B especialmente manipulados. Esto podr\u00eda permitir a un atacante ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-19383)"
}
],
"id": "CVE-2022-46348",
"lastModified": "2024-11-21T07:30:26.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-12-13T16:15:25.530",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…