First published: Tue Aug 08 2023(Updated: )
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)
Credit: productcert@siemens.com productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Solid Edge | =se2023 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Solid Edge SE2023 vulnerability is CVE-2023-39549.
All versions of Solid Edge SE2023 less than V223.0 Update 2 are affected by this vulnerability.
The severity of the CVE-2023-39549 vulnerability is high with a CVSS score of 7.8.
The use-after-free vulnerability in Solid Edge SE2023 CVE-2023-39549 can be triggered while parsing specially crafted DWG files, allowing an attacker to execute code in the context of the affected application.
Yes, Siemens has released an update, V223.0 Update 2, that fixes the Solid Edge SE2023 CVE-2023-39549 vulnerability.