CVE-2022-43609

HIGH

IronCAD - RCE

Title source: llm

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672.

References (1)

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-22-1467/

Scores

CVSS v3 7.8

EPSS 0.0110

EPSS Percentile 78.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-824

Status published

Products (1)

ironcad/ironcad 2022 (7 CPE variants)

Published Mar 29, 2023

Tracked Since Feb 18, 2026