Products
Tecnomatix Plant Simulation
- V2302.0015
- V2404.0004
Source
productcert@siemens.com
Tags
CVE-2024-41170 details
Published : Sept. 10, 2024, 10:15 a.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Description
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-121 | Stack-based Buffer Overflow | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-427715.html | productcert@siemens.com |
This website uses the NVD API, but is not approved or certified by it.