All the vulnerabilites related to Siemens - Parasolid V36.0
cve-2023-41033
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 18:46
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)
Impacted products
Vendor Product Version
Siemens Parasolid V35.1 Version: All versions < V35.1.246
Siemens Parasolid V36.0 Version: All versions < V36.0.156
Siemens Simcenter Femap V2301 Version: All versions < V2301.0003
Siemens Simcenter Femap V2306 Version: All versions < V2306.0001
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V35.0.260"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V35.1.246"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V36.0.156"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Simcenter Femap V2301",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2301.0003"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Simcenter Femap V2306",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2306.0001"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Parasolid V35.0 (All versions \u003c V35.0.260), Parasolid V35.1 (All versions \u003c V35.1.246), Parasolid V36.0 (All versions \u003c V36.0.156), Simcenter Femap V2301 (All versions \u003c V2301.0003), Simcenter Femap V2306 (All versions \u003c V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T11:03:43.928Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-41033",
    "datePublished": "2023-09-12T09:32:34.938Z",
    "dateReserved": "2023-08-22T15:41:08.130Z",
    "dateUpdated": "2024-08-02T18:46:11.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26275
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
Impacted products
Vendor Product Version
Siemens Parasolid V35.1 Version: 0   < V35.1.254
Siemens Parasolid V36.0 Version: 0   < V36.0.207
Siemens Parasolid V36.1 Version: 0   < V36.1.147
Siemens Teamcenter Visualization V14.2 Version: 0   < V14.2.0.12
Siemens Teamcenter Visualization V14.3 Version: 0   < V14.3.0.9
Siemens Teamcenter Visualization V2312 Version: 0   < V2312.0004
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jt2go",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2312.0004",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "35.1.254",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "36.0.207",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "36.1.147",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "teamcenter_visualization",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "14.2",
                "versionType": "custom"
              },
              {
                "lessThan": "14.3.0.9",
                "status": "affected",
                "version": "14.3",
                "versionType": "custom"
              },
              {
                "lessThan": "2312.0004",
                "status": "affected",
                "version": "2312",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26275",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T15:24:40.222186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T18:33:02.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0004",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.1.254",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.0.207",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.1.147",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.2.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.3.0.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V2312",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0004",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T07:54:00.911Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-26275",
    "datePublished": "2024-04-09T08:34:36.604Z",
    "dateReserved": "2024-02-15T10:54:03.168Z",
    "dateUpdated": "2024-08-13T07:54:00.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41032
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 18:46
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)
Impacted products
Vendor Product Version
Siemens Parasolid V35.0 Version: All versions < V35.0.253
Siemens Parasolid V35.1 Version: All versions < V35.1.184
Siemens Parasolid V36.0 Version: All versions < V36.0.142
Siemens Simcenter Femap V2301 Version: All versions < V2301.0003
Siemens Simcenter Femap V2306 Version: All versions < V2306.0001
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bentley.com/advisories/be-2023-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V34.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V34.1.258"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V35.0.253"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V35.1.184"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V36.0.142"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Simcenter Femap V2301",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2301.0003"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Simcenter Femap V2306",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2306.0001"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.253), Parasolid V35.1 (All versions \u003c V35.1.184), Parasolid V36.0 (All versions \u003c V36.0.142), Simcenter Femap V2301 (All versions \u003c V2301.0003), Simcenter Femap V2306 (All versions \u003c V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T11:03:42.705Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
        },
        {
          "url": "https://www.bentley.com/advisories/be-2023-0004/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-41032",
    "datePublished": "2023-09-12T09:32:33.893Z",
    "dateReserved": "2023-08-22T15:41:08.129Z",
    "dateUpdated": "2024-08-02T18:46:11.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26277
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Impacted products
Vendor Product Version
Siemens Parasolid V35.1 Version: 0   < V35.1.254
Siemens Parasolid V36.0 Version: 0   < V36.0.207
Siemens Parasolid V36.1 Version: 0   < V36.1.147
Siemens Teamcenter Visualization V14.2 Version: 0   < V14.2.0.12
Siemens Teamcenter Visualization V14.3 Version: 0   < V14.3.0.9
Siemens Teamcenter Visualization V2312 Version: 0   < V2312.0004
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T19:51:56.120704Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:18.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:18.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0004",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.1.254",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.0.207",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.1.147",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.2.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.3.0.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V2312",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0004",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T07:54:03.735Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-26277",
    "datePublished": "2024-04-09T08:34:38.896Z",
    "dateReserved": "2024-02-15T10:54:03.168Z",
    "dateUpdated": "2024-08-13T07:54:03.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-45601
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2024-09-19 14:07
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)
Impacted products
Vendor Product Version
Siemens Parasolid V35.1 Version: All versions < V35.1.250
Siemens Parasolid V36.0 Version: All versions < V36.0.169
Siemens Tecnomatix Plant Simulation V2201 Version: All versions < V2201.0009
Siemens Tecnomatix Plant Simulation V2302 Version: All versions < V2302.0003
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:21:16.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:07:38.593206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:07:50.300Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V35.0.262"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V35.1.250"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V36.0.169"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Tecnomatix Plant Simulation V2201",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2201.0009"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Tecnomatix Plant Simulation V2302",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2302.0003"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Parasolid V35.0 (All versions \u003c V35.0.262), Parasolid V35.1 (All versions \u003c V35.1.250), Parasolid V36.0 (All versions \u003c V36.0.169), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0009), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T10:21:47.253Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-45601",
    "datePublished": "2023-10-10T10:21:47.253Z",
    "dateReserved": "2023-10-09T09:36:15.785Z",
    "dateUpdated": "2024-09-19T14:07:50.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26276
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
Impacted products
Vendor Product Version
Siemens Parasolid V35.1 Version: 0   < V35.1.254
Siemens Parasolid V36.0 Version: 0   < V36.0.207
Siemens Parasolid V36.1 Version: 0   < V36.1.147
Siemens Teamcenter Visualization V14.2 Version: 0   < V14.2.0.12
Siemens Teamcenter Visualization V14.3 Version: 0   < V14.3.0.9
Siemens Teamcenter Visualization V2312 Version: 0   < V2312.0004
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "35.1.254",
                "status": "affected",
                "version": "35.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "36.0.207",
                "status": "affected",
                "version": "36.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "36.1.147",
                "status": "affected",
                "version": "36.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26276",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T13:40:25.505191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:53:58.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:18.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0004",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.1.254",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.0.207",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.1.147",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.2.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.3.0.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V2312",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0004",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T07:54:02.376Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-26276",
    "datePublished": "2024-04-09T08:34:37.744Z",
    "dateReserved": "2024-02-15T10:54:03.168Z",
    "dateUpdated": "2024-08-13T07:54:02.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-49125
Vulnerability from cvelistv5
Published
2024-02-13 08:59
Modified
2024-08-02 21:46
Summary
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.
Impacted products
Vendor Product Version
Siemens Parasolid V35.1 Version: 0   < V35.1.252
Siemens Parasolid V36.0 Version: 0   < V36.0.198
Siemens Solid Edge SE2023 Version: 0   < V223.0 Update 11
Siemens Solid Edge SE2024 Version: 0   < V224.0 Update 3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.0.263",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.1.252",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.0.198",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Solid Edge SE2023",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V223.0 Update 11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Solid Edge SE2024",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V224.0 Update 3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Parasolid V35.0 (All versions \u003c V35.0.263), Parasolid V35.1 (All versions \u003c V35.1.252), Parasolid V36.0 (All versions \u003c V36.0.198), Solid Edge SE2023 (All versions \u003c V223.0 Update 11), Solid Edge SE2024 (All versions \u003c V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T07:23:49.243Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-49125",
    "datePublished": "2024-02-13T08:59:57.813Z",
    "dateReserved": "2023-11-22T14:43:13.524Z",
    "dateUpdated": "2024-08-02T21:46:29.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-31980
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 01:59
Summary
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)
Impacted products
Vendor Product Version
Siemens Parasolid V36.0 Version: 0   < V36.0.210
Siemens Parasolid V36.1 Version: 0   < V36.1.185
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "35.1.256",
                "status": "affected",
                "version": "35.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "36.0.210",
                "status": "affected",
                "version": "36.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parasolid",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "36.1.185",
                "status": "affected",
                "version": "36.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T13:39:14.173926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T17:09:32.754Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:59:50.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-489698.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V35.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V35.1.256",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.0.210",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Parasolid V36.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V36.1.185",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.256), Parasolid V36.0 (All versions \u003c V36.0.210), Parasolid V36.1 (All versions \u003c V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T07:24:15.740Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-489698.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-31980",
    "datePublished": "2024-05-14T10:02:27.405Z",
    "dateReserved": "2024-04-08T12:20:23.712Z",
    "dateUpdated": "2024-08-02T01:59:50.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}