CVE-2023-38524

Summary

CVE-2023-38524 is a vulnerability found in multiple versions of Parasolid and Teamcenter Visualization software. This vulnerability is categorized as a NULL Pointer Dereference (CWE-476). It occurs when parsing specially crafted X_T files, resulting in a null pointer dereference. As a consequence, an attacker could exploit this vulnerability to execute arbitrary code within the current process. The affected products include Parasolid V34.1, Parasolid V35.0, Parasolid V35.1, Teamcenter Visualization V14.1, Teamcenter Visualization V14.2, and Teamcenter Visualization V14.3. The risk score for this vulnerability is 25 out of 100, with a base severity of LOW according to the CVSS:3.1 vector string provided by Siemens product certification. It requires user interaction and has a low attack complexity and availability impact. To remediate this vulnerability, it is recommended to update the affected software versions to at least the specified fixed versions (V34.1.258, V35.0.254, V35.1.171, V14.1.0.11, V14.2.0.6, or V14.3.0.3) or apply any patches or security updates provided by the software vendor. Note: The paragraph report is based on the provided information without additional external sources or analysis beyond what is given in the text snippet above from one or more sources

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.