CVE Catalog

CVE-2023-38524

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

A vulnerability has been identified in Parasolid and Teamcenter Visualization applications, present in versions earlier than specified. The issue involves null pointer dereference while parsing specially crafted X_T files, which could allow an attacker to execute code in the context of the current process.

Risk Assessment

This vulnerability poses a risk of malicious code execution, potentially leading to system compromise or data leakage. Organizations should be aware of the potential threats associated with using outdated software versions.

Recommendation

It is recommended to update to the latest versions of Parasolid and Teamcenter Visualization to mitigate the risks associated with this vulnerability. Regular monitoring and updating of software should be part of the IT security strategy.

Original NVD description (English source)

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS