Severity
High
Analysis Summary
CVE-2023-49124 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-49132 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by the access of an uninitialized pointer when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-49130 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by the access of an uninitialized pointer when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-49121 CVSS: 7.8
Siemens Solid Edge SE2023 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when processing PAR files. By persuading a victim to open a specially crafted PAR file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-49129 CVSS: 7.8
Siemens Solid Edge SE2023 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing PAR files. By persuading a victim to open a specially crafted PAR file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-49123 CVSS: 7.8
Siemens Solid Edge SE2023 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when processing PAR files. By persuading a victim to open a specially crafted PAR file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-49122 CVSS: 7.8
Siemens Solid Edge SE2023 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when processing PAR files. By persuading a victim to open a specially crafted PAR file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-49127 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-49126 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-49128 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-49131 CVSS: 7.8
Siemens Solid Edge SE2023 could allow a remote attacker to execute arbitrary code on the system, caused by the access of an uninitialized pointer when processing PAR files. By persuading a victim to open a specially crafted PAR file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2023-49124
- CVE-2023-49132
- CVE-2023-49130
- CVE-2023-49121
- CVE-2023-49129
- CVE-2023-49123
- CVE-2023-49122
- CVE-2023-49127
- CVE-2023-49126
- CVE-2023-49128
- CVE-2023-49131
Affected Vendors
Siemens
Affected Products
- Siemens Solid Edge SE2023
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.