First published: Tue Sep 13 2022(Updated: )
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17292)
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simcenter Femap | >=2022.1<2022.1.3 | |
Siemens Simcenter Femap | >=2022.2<2022.2.2 | |
Siemens Parasolid | >=33.1<33.1.262 | |
Siemens Parasolid | >=34.0<34.0.252 | |
Siemens Parasolid | >=34.1<34.1.242 | |
Siemens Parasolid | >=35.0<35.0.161 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-39140 is high with a CVSS score of 7.8.
The affected software versions are Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), and Simcenter Femap V2022.2 (All versions < V2022.2.2).
The CWE classification for CVE-2022-39140 is CWE-787.
Yes, the security advisory for CVE-2022-39140 can be found at https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf.
To fix CVE-2022-39140, it is recommended to update to the latest patched version of the affected software.