Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30033

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-12 Aug, 2025 | 11:16
Updated At-12 Aug, 2025 | 20:10
Rejected At-
Credits

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:12 Aug, 2025 | 11:16
Updated At:12 Aug, 2025 | 20:10
Rejected At:
▼CVE Numbering Authority (CNA)

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

Affected Products
Vendor
Siemens AGSiemens
Product
Automation License Manager V6.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
Automation License Manager V6.2
Default Status
unknown
Versions
Affected
  • From 0 before V6.2 Upd3 (custom)
Vendor
Siemens AGSiemens
Product
CEMAT V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
CP PtP Param configuring interface
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
Create MyConfig (CMC)
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
Energy Support Library (EnSL)
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
FM Configuration Package
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
Modular PID CTRL Tool
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
MultiFieldbus Configuration Tool (MFCT)
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
OpenPCS 7 V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
OpenPCS 7 V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
Siemens Network Planner (SINETPLAN)
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Automation Tool
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Automation Tool SDK Windows
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC BATCH V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC BATCH V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Control Function Library (CFL) V1.0.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Control Function Library (CFL) V2.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Control Function Library (CFL) V3.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Control Function Library (CFL) V4.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC D7-SYS
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC eaSie Core Package
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC eaSie Document Skills
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC eaSie PCS 7 Skill Package
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC eaSie Workflow Skills
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Energy Suite V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Energy Suite V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Energy Suite V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Logon V1.6
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Logon V2.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Management Agent
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Management Console
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC MTP CREATOR V2.x
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC MTP CREATOR V3.x
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC MTP CREATOR V4.x
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC MTP CREATOR V5.x
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC MTP Integrator V1.x
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC MTP Integrator V2.x
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC NET PC Software V16
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC NET PC Software V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC NET PC Software V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC NET PC Software V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC NET PC Software V20
Default Status
unknown
Versions
Affected
  • From 0 before V20.0 Update 1 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC ODK 1500S
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Faceplates V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Functions V2.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Functions V2.2
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Graphics V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Graphics V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Advanced Process Library V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Basis Faceplates V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Basis Library V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Basis Library V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Industry Library V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Industry Library V9.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Industry Library V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Logic Matrix V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Logic Matrix V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 MPC Configurator
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 PowerControl
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Standard Chemical Library V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 Standard Chemical Library V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 TeleControl
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7 V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS 7/OPEN OS V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS neo V5.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PCS neo V6.0
Default Status
unknown
Versions
Affected
  • From 0 before V6.0 SP1 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PDM Maintenance Station V5.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PDM V9.2
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC PDM V9.3
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Process Function Library (PFL) V4.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Process Historian 2020
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Process Historian 2022
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Process Historian 2024
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC ProSave V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC ProSave V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC ProSave V19
Default Status
unknown
Versions
Affected
  • From 0 before V19 Update 4 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC ProSave V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Route Control V10.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Route Control V9.1
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7 F Systems V6.3
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7 F Systems V6.4
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-1500 Software Controller V2
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-1500 Software Controller V3
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-Fail-safe Configuration Tool (S7-FCT)
Default Status
unknown
Versions
Affected
  • From 0 before V4.0.1 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-PCT
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-PLCSIM Advanced
Default Status
unknown
Versions
Affected
  • From 0 before V7.0 Update 1 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-PLCSIM V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-PLCSIM V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-PLCSIM V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC S7-PLCSIM V20
Default Status
unknown
Versions
Affected
  • From 0 before V20 Update 1 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Safety Matrix
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC STEP 7 CFC V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC STEP 7 CFC V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC STEP 7 V5.7
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC Target
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC flexible ES
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Runtime Advanced
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Runtime Professional
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Runtime Professional V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC TeleControl
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Unified Line Coordination
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Unified PC Runtime V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Unified PC Runtime V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Unified PC Runtime V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Unified Sequence
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC V7.5
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC V8.0
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC V8.1
Default Status
unknown
Versions
Affected
  • From 0 before V8.1 Update 3 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Visualization Architect (SiVArc) V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Visualization Architect (SiVArc) V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Visualization Architect (SiVArc) V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC WinCC Visualization Architect (SiVArc) V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMIT Rapid Tester
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIMIT Simulation Platform
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SINAMICS Startdrive V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SINAMICS Startdrive V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SINAMICS Startdrive V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SINAMICS Startdrive V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SINEC NMS
Default Status
unknown
Versions
Affected
  • From 0 before V4.0 (custom)
Vendor
Siemens AGSiemens
Product
SINEMA Remote Connect Client
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SITRANS
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
Standard PID CTRL Tool
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TeleControl Server Basic V3.1
Default Status
unknown
Versions
Affected
  • From 0 before V3.1.2.2 (custom)
Vendor
Siemens AGSiemens
Product
TIA Administrator
Default Status
unknown
Versions
Affected
  • From 0 before V3.0.6 (custom)
Vendor
Siemens AGSiemens
Product
TIA Portal Cloud Connector
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TIA Portal Test Suite V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TIA Portal Test Suite V18
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TIA Portal Test Suite V19
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TIA Portal Test Suite V20
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TIA Project-Server
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
TIA Project-Server V17
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
WinCC Panel Image Setup
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427: Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427: Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-282044.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-282044.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:12 Aug, 2025 | 12:15
Updated At:12 Aug, 2025 | 14:25

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Primaryproductcert@siemens.com
CWE ID: CWE-427
Type: Primary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-282044.htmlproductcert@siemens.com
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-282044.html
Source: productcert@siemens.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

660Records found
CVE-2020-28381
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.24%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 20:18
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2021Solid Edge SE2020
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-28384
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.96% / 75.54%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 20:18
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2021Solid Edge SE2020
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46346
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2022parasolidsolid_edge_se2023Parasolid V34.0Solid Edge SE2023Parasolid V35.0Parasolid V33.1Parasolid V34.1Solid Edge SE2022
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51439
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.13%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-17 Apr, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization V14.3Teamcenter Visualization V13.3Teamcenter Visualization V14.1Teamcenter Visualization V14.2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49122
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49132
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.40%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-49130
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-49126
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.18%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49129
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49131
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-49127
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.18%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49125
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 08:59
Updated-07 May, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidsolid_edge_se2023solid_edge_se2024Parasolid V35.1Solid Edge SE2023Parasolid V36.0Solid Edge SE2024Parasolid V35.0
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49121
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.77%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49124
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.18%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49128
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 10:00
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49123
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-01 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2023Solid Edge SE2023
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-40739
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 2.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-21 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2025
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46345
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2022parasolidsolid_edge_se2023Parasolid V34.0Solid Edge SE2023Parasolid V35.0Parasolid V33.1Parasolid V34.1Solid Edge SE2022parasolidsolid_edge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-40740
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 2.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-21 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2025
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40764
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 2.29%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-20 Aug, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2412Simcenter Femap V2406
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40741
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 2.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:35
Updated-21 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2025
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-40762
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-20 Aug, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2412Simcenter Femap V2406
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27380
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.23%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2021Solid Edge SE2020
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32454
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-10 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All versions < V2412.0004), Tecnomatix Plant Simulation V2404 (All versions < V2404.0013). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2312Teamcenter Visualization V2406Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2404Teamcenter Visualization V2412
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44086
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-27 Feb, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2302Tecnomatix Plant Simulation V2201
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38681
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44085
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.30%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-27 Feb, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2302Tecnomatix Plant Simulation V2201
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44082
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.32%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-27 Feb, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2302Tecnomatix Plant Simulation V2201
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38528
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-15 Oct, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationParasolid V35.1Parasolid V35.0Teamcenter Visualization V14.1Teamcenter Visualization V14.2Parasolid V34.1Teamcenter Visualization V14.3
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41846
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.42%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-26 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-27382
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.38%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2021solid_edge_se2020Solid Edge SE2021Solid Edge SE2020
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27387
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.16%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:47
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap 2020.2Simcenter Femap 2021.1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41033
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.17%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-27 Feb, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)

Action-Not Available
Vendor-Siemens AG
Product-parasolidsimcenter_femapParasolid V35.1Parasolid V36.0Simcenter Femap V2301Parasolid V35.0Simcenter Femap V2306
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27390
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.89%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:47
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39188
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39419
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:21
Updated-11 Oct, 2024 | 22:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023solid_edge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25678
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.66%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2021solid_edge_se2020Solid Edge SE2021Solid Edge SE2020
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39183
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39184
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39549
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.99%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:21
Updated-11 Oct, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023se2023
CWE ID-CWE-416
Use After Free
CVE-2023-39187
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-10 Oct, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39181
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38076
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38075
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-416
Use After Free
CVE-2023-38682
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.31%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1JT2GoTeamcenter Visualization V13.2Teamcenter Visualization V14.2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38679
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-27438
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38526
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-27 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationParasolid V35.1Teamcenter Visualization V14.2Teamcenter Visualization V14.1Parasolid V34.1Parasolid V35.0Teamcenter Visualization V14.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38070
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.08%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25175
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 09:07
Updated-19 Aug, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2406Simcenter Femap V2401
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found