CVE-2023-38524

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Aug 8, 2023
Updated: Feb 1, 2024
CWE ID 476

Summary

CVE-2023-38524 is a vulnerability found in multiple versions of Parasolid and Teamcenter Visualization software. This vulnerability is categorized as a NULL Pointer Dereference (CWE-476). It occurs when parsing specially crafted X_T files, resulting in a null pointer dereference. As a consequence, an attacker could exploit this vulnerability to execute arbitrary code within the current process. The affected products include Parasolid V34.1, Parasolid V35.0, Parasolid V35.1, Teamcenter Visualization V14.1, Teamcenter Visualization V14.2, and Teamcenter Visualization V14.3. The risk score for this vulnerability is 25 out of 100, with a base severity of LOW according to the CVSS:3.1 vector string provided by Siemens product certification. It requires user interaction and has a low attack complexity and availability impact. To remediate this vulnerability, it is recommended to update the affected software versions to at least the specified fixed versions (V34.1.258, V35.0.254, V35.1.171, V14.1.0.11, V14.2.0.6, or V14.3.0.3) or apply any patches or security updates provided by the software vendor. Note: The paragraph report is based on the provided information without additional external sources or analysis beyond what is given in the text snippet above from one or more sources

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38524 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options