CVE-2023-41032
First published: Tue Sep 12 2023(Updated: )
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)
Credit: productcert@siemens.com productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Parasolid | >=34.1<34.1.258 | |
| Siemens Parasolid | >=35.0<35.0.253 | |
| Siemens Parasolid | >=35.1<35.1.184 | |
| Siemens Parasolid | >=36.0<36.0.142 | |
| Siemens Simcenter Femap | >=2301.0<2301.0003 | |
| Siemens Simcenter Femap | >=2306.0<2306.0001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-41032?
The severity of CVE-2023-41032 is high.
What is the affected software of CVE-2023-41032?
The affected software of CVE-2023-41032 is Siemens Parasolid versions: < V34.1.258, < V35.0.253, < V35.1.184, < V36.0.142.
What is the vulnerability in CVE-2023-41032?
The vulnerability in CVE-2023-41032 is an out of bounds write past the end of an allocated memory.
How can I fix CVE-2023-41032?
To fix CVE-2023-41032, update to a version higher than V34.1.258 for Parasolid V34.1, higher than V35.0.253 for Parasolid V35.0, higher than V35.1.184 for Parasolid V35.1, and higher than V36.0.142 for Parasolid V36.0.
Where can I find more information about CVE-2023-41032?
You can find more information about CVE-2023-41032 at https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf.
- collector/nvd-index
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/tags
- agent/epss
- vendor/siemens
- canonical/siemens parasolid
- version/siemens parasolid/34.1
- version/siemens parasolid/35.0
- version/siemens parasolid/35.1
- version/siemens parasolid/36.0
- canonical/siemens simcenter femap
- version/siemens simcenter femap/2301.0
- version/siemens simcenter femap/2306.0