CVE-2023-39419
First published: Tue Aug 08 2023(Updated: )
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Solid Edge | =se2023 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-39419.
What is the severity of CVE-2023-39419?
The severity of CVE-2023-39419 is high with a severity value of 7.8.
Which versions of Solid Edge SE2023 are affected by this vulnerability?
All versions of Solid Edge SE2023 that are less than V223.0 Update 7 are affected.
What is the impact of this vulnerability?
This vulnerability could allow an attacker to execute code in the context of the current user.
Is there a fix available for CVE-2023-39419?
Yes, Siemens has released an update (V223.0 Update 7) that addresses the vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/epss
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens solid edge
- version/siemens solid edge/se2023