CVE-2024-35303Incorrect Type Conversion or Cast in Siemens Tecnomatix Plant Simulation V2302

CWE-704Incorrect Type Conversion or Cast3 documents3 sources
Severity
7.3HIGHNVD
EPSS
0.1%
top 71.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Tecnomatix Plant Simulation V2302Siemens Tecnomatix Plant Simulation V2404
Timeline
PublishedJun 11

Description

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958)

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-564f-4f44-r6r6: A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V23022024-06-11
CVEList
CVE-2024-35303: A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V23022024-06-11
CVE-2024-35303 — Incorrect Type Conversion or Cast | cvebase