CVE-2023-28830

HIGH

JT2Go, Solid Edge SE2022, Solid Edge SE2023, Teamcenter Visualizati...

Title source: llm

Description

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 29.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (18)

siemens/jt2go < 14.2.0.5

siemens/solid_edge_se2022

siemens/solid_edge_se2022 maintenance_pack_1

siemens/solid_edge_se2022 maintenance_pack_2

siemens/solid_edge_se2022 maintenance_pack_3

siemens/solid_edge_se2022 maintenance_pack_4

siemens/solid_edge_se2022 maintenance_pack_5

siemens/solid_edge_se2022 maintenance_pack_7

siemens/solid_edge_se2022 maintenance_pack_8

siemens/solid_edge_se2022 maintenance_pack_9

... and 8 more

Published Aug 08, 2023

Tracked Since Feb 18, 2026