CVE Tools

CVE-2022-39154

Published: Sep 13, 2022Updated: Nov 21, 2024 Sources: CVE List NVD csafCWE-787

No Known Exploits

Patch Available

Description

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18188)

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

simcenter femap siemens

On-premDesktop App

Enterprise Software / itsm-monitoring

parasolid siemens

LibraryLibrary

OSS Libraries / generic-library

Parasolid V33.1 Siemens

MixedLibrary

Enterprise Software

Parasolid V34.0 Siemens

On-premLibrary

Parasolid V34.1 Siemens

On-prem

Enterprise Software

siemenscommercialDEEnterprise Softwareaka siemens ag

and 3 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

2 techniques

Initial Access

Privilege Escalation

View detailed technique mapping

References

https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf

cert-portal.siemens.com

https://cert-portal.siemens.com/productcert/csaf/ssa-518824.json

cert-portal.siemens.com

https://cert-portal.siemens.com/productcert/txt/ssa-518824.txt

cert-portal.siemens.com

and 8 more references View all →

Timeline

Published

Sep 13, 2022

Last Updated

Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-39154 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows