CVE-2023-28830

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:siemens:solid_edge_se2022:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_3:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_4:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_7:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_8:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_9:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_10:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_11:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_12:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:update_0001:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:update_0002:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:update_0003:*:*:*:*:*:*:*

History

15 Aug 2023, 16:54

Type Values Removed Values Added
First Time Siemens
Siemens solid Edge Se2022
Siemens teamcenter Visualization
Siemens jt2go
Siemens solid Edge Se2023
CWE CWE-416
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf - Vendor Advisory
CPE cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_9:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_4:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_11:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_8:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:update_0002:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:update_0003:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_10:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_12:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_7:*:*:*:*:*:*:*
cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_3:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2023:update_0001:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge_se2022:maintenance_pack_1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

08 Aug 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-08 10:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-28830

Mitre link : CVE-2023-28830

CVE.ORG link : CVE-2023-28830


JSON object : View

Products Affected

siemens

  • jt2go
  • solid_edge_se2022
  • solid_edge_se2023
  • teamcenter_visualization
CWE
CWE-416

Use After Free