ID

VAR-202405-0216


CVE

CVE-2024-33577


TITLE

Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-23515

DESCRIPTION

A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.90). The affected applications contain a stack overflow vulnerability while parsing specially crafted strings passed as an argument to one of the application binaries. This could allow an attacker to execute code in the context of the current process. Simcenter Nastran is a finite element method solver. Siemens Simcenter Nastran has a stack buffer overflow vulnerability.

Trust: 1.44

sources: NVD: CVE-2024-33577 // CNVD: CNVD-2024-23515

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-23515

AFFECTED PRODUCTS

vendor: siemens, model: simcenter nastran, scope: eq, version: 2306

Trust: 0.6

vendor: siemens, model: simcenter nastran, scope: eq, version: 2312

Trust: 0.6

vendor: siemens, model: simcenter nastran, scope: eq, version: 2406

Trust: 0.6

sources: CNVD: CNVD-2024-23515

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-33577
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-23515
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-23515
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-23515 // NVD: CVE-2024-33577

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

sources: NVD: CVE-2024-33577

PATCH

title: Patch for Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/547141

Trust: 0.6

sources: CNVD: CNVD-2024-23515

EXTERNAL IDS

db: NVD, id: CVE-2024-33577

Trust: 1.6

db: SIEMENS, id: SSA-258494

Trust: 1.6

db: CNVD, id: CNVD-2024-23515

Trust: 0.6

sources: CNVD: CNVD-2024-23515 // NVD: CVE-2024-33577

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-258494.html

Trust: 1.6

sources: CNVD: CNVD-2024-23515 // NVD: CVE-2024-33577

SOURCES

db: CNVD, id: CNVD-2024-23515
db: NVD, id: CVE-2024-33577

LAST UPDATE DATE

2024-05-25T23:13:11.966000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-23515, date: 2024-05-22T00:00:00
db: NVD, id: CVE-2024-33577, date: 2024-05-14T19:17:55.627

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-23515, date: 2024-05-24T00:00:00
db: NVD, id: CVE-2024-33577, date: 2024-05-14T16:17:20.707