CVE-2023-38532 - OpenCVE

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Teamcenter Visualization Parasolid

Configuration 1 [-]

OR	cpe:2.3:a:siemens:parasolid::::::::
	cpe:2.3:a:siemens:parasolid::::::::
	cpe:2.3:a:siemens:parasolid::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::
	cpe:2.3:a:siemens:teamcenter_visualization::::::::

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-407785.html
https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2023-08-08T09:20:41.916Z

Updated: 2024-06-11T14:20:01.496Z

Reserved: 2023-07-19T09:55:44.211Z

Link: CVE-2023-38532

JSON object: View

NVD Information

Status : Modified

Published: 2023-08-08T10:15:16.403

Modified: 2024-06-11T12:15:12.053

Link: CVE-2023-38532

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38532", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2023-07-19T09:55:44.211Z", "datePublished": "2023-08-08T09:20:41.916Z", "dateUpdated": "2024-06-11T14:20:01.496Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-06-11T14:20:01.496Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."}], "affected": [{"vendor": "Siemens", "product": "Parasolid V34.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V34.1.258", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Parasolid V35.0", "versions": [{"status": "affected", "version": "0", "lessThan": "V35.0.254", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Parasolid V35.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V35.1.171", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.1", "versions": [{"status": "affected", "version": "0", "lessThan": "V14.1.0.11", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.2", "versions": [{"status": "affected", "version": "0", "lessThan": "V14.2.0.6", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Teamcenter Visualization V14.3", "versions": [{"status": "affected", "version": "0", "lessThan": "V14.3.0.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseScore": 3.3, "baseSeverity": "LOW"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseScore": 4.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7751190-C386-451B-88B5-4BB4DCBFCE44", "versionEndExcluding": "34.1.258", "versionStartIncluding": "34.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B5F1A02-44EB-45AA-B071-764B64473313", "versionEndExcluding": "35.0.254", "versionStartIncluding": "35.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA7FF725-2396-492A-8B97-CA77B4EFCC48", "versionEndExcluding": "35.1.171", "versionStartIncluding": "35.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EF3388B-D057-4DB9-96AE-B6F4678FE5B8", "versionEndExcluding": "14.1.0.11", "versionStartIncluding": "14.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E1EFF45-5311-4E89-B736-271EF3C0C232", "versionEndExcluding": "14.2.0.6", "versionStartIncluding": "14.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "matchCriteriaId": "99F0D457-7D65-40DC-BCFA-339FA5648709", "versionEndExcluding": "14.3.0.3", "versionStartIncluding": "14.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Parasolid V34.1 (Todas las versiones inferiores a V34.1.258), Parasolid V35.0 (Todas las versiones inferiores a V35.0.254), Parasolid V35.1 (Todas las versiones inferiores a V35.1. 171), Teamcenter Visualization V14.1 (Todas las versiones inferiores a V14.1.0.11), Teamcenter Visualization V14.2 (Todas las versiones inferiores a V14.2.0.6), Teamcenter Visualization V14.3 (Todas las versiones inferiores a V14.3.0.3). La aplicaci\u00f3n afectada contiene una vulnerabilidad de agotamiento de pila al analizar un archivo X_T especialmente dise\u00f1ado. Esto podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2023-38532", "lastModified": "2024-06-11T12:15:12.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2023-08-08T10:15:16.403", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html"}, {"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "productcert@siemens.com", "type": "Secondary"}]}