Rewterz Threat Advisory – ICS: Multiple Siemens Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-30898 CVSS:9.9

Siemens Siveillance Video could allow a remote authenticated attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the Event Server component.

CVE-2023-30899 CVSS:9.9

Siemens Siveillance Video could allow a remote authenticated attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the Management Server component.

CVE-2023-30985 CVSS:3.3

Siemens Solid Edge could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when parsing OBJ files. By persuading a victim to open a specially crafted OBJ file, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.

CVE-2023-30986 CVSS:7.8

Siemens Solid Edge could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption when parsing STP files. By persuading a victim to open a specially crafted STP file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.

Impact

  • Code Execution
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-30898
  • CVE-2023-30899
  • CVE-2023-30985
  • CVE-2023-30986

Affected Vendors

Siemens

Affected Products

  • Siemens Siveillance Video 2020 R2 20.1
  • Siemens Siveillance Video 2023 R1 23.0
  • Siemens Solid Edge SE2023 VX.223.0 Update 2
  • Siemens Solid Edge SE2023 VX.223.0 Update 1

Remediation

Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.

Siemens Siveillance Video

Siemens Solid Edge