CVE-2023-38524 — NULL Pointer Dereference in Siemens Parasolid V34.1

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

2.0LOWNVD

EPSS

0.1%

top 84.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Parasolid V34.1 Siemens Parasolid V35.0 Siemens Parasolid V35.1 +5 more

Timeline

PublishedAug 8

Description

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in t…

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages8 packages

▶NVDsiemens/teamcenter_visualization14.1 — 14.1.0.11+2

▶CVEListV5siemens/teamcenter_visualization_v14.1< V14.1.0.11

▶CVEListV5siemens/teamcenter_visualization_v14.2< V14.2.0.6

▶CVEListV5siemens/teamcenter_visualization_v14.3< V14.3.0.3

▶NVDsiemens/parasolid34.1 — 34.1.258+2

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-qvmc-288x-8mfh: A vulnerability has been identified in Parasolid V34↗2023-08-08

▶

CVEList

CVE-2023-38524: A vulnerability has been identified in Parasolid V34↗2023-08-08

▶