VDB
ICSA-23-131-01
PUBLISHED
CVSS 2.2 LOW
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in formats such as DWG, IFC, OBJ or STP. If a user is tricked into opening a malicious file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code. Siemens has released several updates for Solid Edge SE2023 and recommends updating to the latest version.
Risk Scores
CVSS v3.1
2.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Solid Edge SE2023 | |
Timeline
- May 9, 2023 CVE Published
- Aug 8, 2023 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-932528.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-932528.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-932528.pdf advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-932528.txt advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-131-01.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-01 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.sw.siemens.com/ fix