CVE-2023-30985

Опубликовано: 09 мая 2023

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

EPSS Низкий

Описание

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-932528.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-932528.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:solid_edge_se2023:-:*:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge_se2023:update_0001:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00089

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-r26h-mc72-92q2

CVSS3: 3.3

github

больше 2 лет назад

A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)

EPSS

Процентиль: 26%

0.00089

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-125