CVE-2024-47942

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-351178.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*

History

13 Nov 2024, 23:15

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en Solid Edge SE2024 (todas las versiones anteriores a V224.0 Update 9). Las aplicaciones afectadas sufren una vulnerabilidad de secuestro de DLL. Esto podría permitir que un atacante ejecute código arbitrario colocando un archivo DLL manipulado específicamente para ello en el sistema.
First Time		Siemens solid Edge Se2024 Siemens
CPE		cpe:2.3:a:siemens:solid_edge_se2024::::::::
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-351178.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-351178.html - Vendor Advisory

12 Nov 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-12 13:15

Updated : 2024-11-13 23:15

NVD link : CVE-2024-47942

Mitre link : CVE-2024-47942

CVE.ORG link : CVE-2024-47942

JSON object : View

Products Affected

siemens

solid_edge_se2024

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2024-47942", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.0, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-12T13:15:11.427", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Solid Edge SE2024 (todas las versiones anteriores a V224.0 Update 9). Las aplicaciones afectadas sufren una vulnerabilidad de secuestro de DLL. Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario colocando un archivo DLL manipulado espec\u00edficamente para ello en el sistema."}], "lastModified": "2024-11-13T23:15:21.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:solid_edge_se2024:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4CDE696-132C-46B7-B285-C83CE0AD4D55", "versionEndExcluding": "224.00.09.04"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}