{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "Simcenter Femap and Parasolid are affected by multiple file parsing\nvulnerabilities that could be triggered when the application reads\nfiles in X_T file formats. If a user is tricked to open a malicious\nfile with the affected applications, an attacker could leverage the\nvulnerability to perform remote code execution in the context of the\ncurrent process.    Siemens has released updates for the affected\nproducts and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect\nnetwork access to devices with appropriate mechanisms. In order to\noperate the devices in a protected IT environment, Siemens recommends\nto configure the environment according to Siemens' operational\nguidelines for Industrial Security (Download:\nhttps://www.siemens.com/cert/operational-guidelines-industrial-\nsecurity), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found\nat: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-518824 Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-518824 Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-518824.txt"
      },
      {
        "category": "self",
        "summary": "SSA-518824 Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-518824.json"
      }
    ],
    "title": "SSA-518824 Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid",
    "tracking": {
      "current_release_date": "2022-09-13T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-518824",
      "initial_release_date": "2022-09-13T00:00:00Z",
      "revision_history": [
        {
          "date": "2022-09-13T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "< V33.1.262",
                "product": {
                  "name": "Parasolid V33.1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": ">= V33.1.262 < V33.1.263",
                "product": {
                  "name": "Parasolid V33.1",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Parasolid V33.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "< V34.0.252",
                "product": {
                  "name": "Parasolid V34.0",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "Parasolid V34.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "< V34.1.242",
                "product": {
                  "name": "Parasolid V34.1",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "Parasolid V34.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "<  V35.0.161",
                "product": {
                  "name": "Parasolid V35.0",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version_range",
                "name": ">= V35.0.161 < V35.0.164",
                "product": {
                  "name": "Parasolid V35.0",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "Parasolid V35.0"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "< V2022.1.3",
                "product": {
                  "name": "Simcenter Femap V2022.1",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "Simcenter Femap V2022.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "< V2022.2.2",
                "product": {
                  "name": "Simcenter Femap V2022.2",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "Simcenter Femap V2022.2"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-39137",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17276)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3",
          "4",
          "5",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39137"
    },
    {
      "cve": "CVE-2022-39138",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17284)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3",
          "4",
          "5",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39138"
    },
    {
      "cve": "CVE-2022-39139",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17289)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3",
          "4",
          "5",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39139"
    },
    {
      "cve": "CVE-2022-39140",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17292)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3",
          "4",
          "5",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39140"
    },
    {
      "cve": "CVE-2022-39141",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17296)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3",
          "4",
          "5",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "3",
            "4",
            "5",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39141"
    },
    {
      "cve": "CVE-2022-39142",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17485)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39142"
    },
    {
      "cve": "CVE-2022-39143",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17493)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39143"
    },
    {
      "cve": "CVE-2022-39144",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17494)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39144"
    },
    {
      "cve": "CVE-2022-39145",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17496)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39145"
    },
    {
      "cve": "CVE-2022-39146",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17502)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39146"
    },
    {
      "cve": "CVE-2022-39147",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39147"
    },
    {
      "cve": "CVE-2022-39148",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17513)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39148"
    },
    {
      "cve": "CVE-2022-39149",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17733)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39149"
    },
    {
      "cve": "CVE-2022-39150",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17735)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39150"
    },
    {
      "cve": "CVE-2022-39151",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39151"
    },
    {
      "cve": "CVE-2022-39152",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17740)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39152"
    },
    {
      "cve": "CVE-2022-39153",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18187)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39153"
    },
    {
      "cve": "CVE-2022-39154",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18188)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39154"
    },
    {
      "cve": "CVE-2022-39155",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18192)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39155"
    },
    {
      "cve": "CVE-2022-39156",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Do not open untrusted X_T files in Simcenter Femap or Parasolid",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.262 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.0.252 or later version",
          "product_ids": [
            "3"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V34.1.242 or later version",
          "product_ids": [
            "4"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.1.3 or later version",
          "product_ids": [
            "7"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2022.2.2 or later version",
          "product_ids": [
            "8"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.161 or later version",
          "product_ids": [
            "5"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V33.1.263 or later version",
          "product_ids": [
            "2"
          ],
          "url": "https://support.sw.siemens.com/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V35.0.164 or later version",
          "product_ids": [
            "6"
          ],
          "url": "https://support.sw.siemens.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8"
          ]
        }
      ],
      "title": "CVE-2022-39156"
    }
  ]
}