CVE-2023-38681

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 8, 2023

Updated: Aug 14, 2023

CWE ID 787

Summary

CVE-2023-38681 is a newly disclosed vulnerability affecting Tecnomatix Plant Simulation V2201 (all versions below V2201.0008) and V2302 (all versions below V2302.0002). This issue stems from an out-of-bounds write vulnerability in the application's IGS file parsing function. A maliciously crafted IGS file can cause data to be written past the allocated buffer boundary, potentially allowing an attacker to inject and execute arbitrary code within the affected process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Siemens Tecnomatix

Affected Vendors

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sGULJ_
https://www.cve.org/CVERecord?id=CVE-2023-38681
https://nvd.nist.gov/vuln/detail/CVE-2023-38681

Back to Vulnerability Database