CVE Vulnerability

CVE-2022-47967

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-997779.pdf Mitigation Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2023:-:*:*:*:*:*:*
Information

Published : 2023-01-10 12:15

Updated : 2023-01-17 04:19

NVD link : CVE-2022-47967

Mitre link : CVE-2022-47967

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer