First published: Tue Oct 10 2023(Updated: )
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)
Credit: productcert@siemens.com productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Parasolid | >=35.0<35.0.262 | |
Siemens Parasolid | >=35.1<35.1.250 | |
Siemens Parasolid | >=36.0<36.0.169 | |
Siemens Tecnomatix | >=2201<2201.0009 | |
Siemens Tecnomatix | >=2302<2302.0003 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-45601 is high, with a severity value of 7.8.
Affected software versions include Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), and Tecnomatix Plant Simulation V2302 (All versions < V2302.0003).
To fix CVE-2023-45601, update Parasolid to version V35.0.262 or higher, Parasolid V35.1 to version V35.1.250 or higher, Parasolid V36.0 to version V36.0.169 or higher, Tecnomatix Plant Simulation V2201 to version V2201.0009 or higher, and Tecnomatix Plant Simulation V2302 to version V2302.0003 or higher.
The Common Weakness Enumeration (CWE) ID for CVE-2023-45601 is CWE-787 and CWE-121.
You can find more information about CVE-2023-45601 in the official Siemens CERT portal: [link to Siemens CERT portal](https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf).