First published: Tue Feb 14 2023
A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Parasolid | >=34.0, <34.0.254 | |
Siemens Parasolid | >=34.1, <34.1.242 | |
Siemens Parasolid | >=35.0, <35.0.170 | |
Siemens Parasolid | >=35.1, <35.1.150 | |
Siemens Solid Edge | =se2022 | |
CVE-2023-25140 is rated high severity, with a severity value of 7.8.
The affected software versions for CVE-2023-25140 are Parasolid V34.0 (< V34.0.254), Parasolid V34.1 (< V34.1.242), Parasolid V35.0 (< V35.0.170), Parasolid V35.1 (< V35.1.150), and Solid Edge SE2022 (< V222.0MP12).
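CVE-2023-25140 is an out-of-bounds read past the end of an allocated structure, triggered while the affected applications parse specially crafted PAR files. It could allow an attacker to execute code in the context of the current process.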
To fix CVE-2023-25140, update the affected software to a version outside the affected ranges: Parasolid V34.0.254, V34.1.242, V35.0.170 or V35.1.150 or later, and Solid Edge SE2022 V222.0MP12 or later.
More information about CVE-2023-25140 can be found in the Siemens security advisories [SSA-491245](https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf) and [SSA-836777](https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf).