Severity
High
Analysis Summary
CVE-2023-44084 CVSS:7.8
Siemens Parasolid could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read when parsing SPP files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-44081 CVSS:7.8
Siemens Parasolid could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when parsing SPP files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-44084
- CVE-2023-44081
Affected Vendors
Siemens
Affected Products
- Siemens Parasolid 35.0
- Siemens Tecnomatix Plant Simulation 2201
- Siemens Tecnomatix Plant Simulation 2302
- Siemens Parasolid 35.1
- Siemens Parasolid 36.0
Remediation
Refer to Siemens Security Advisory SSA-524778 for patch, upgrade or suggested workaround information.