Vulnerability Details : CVE-2022-34273

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038)

Vulnerability category: Memory CorruptionExecute code

Published 2022-07-12 10:15:11

Updated 2022-07-15 18:48:46

Source Siemens AG

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-34273

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-34273

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-34273

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Primary)
- productcert@siemens.com (Secondary)

References for CVE-2022-34273

https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-34273

Siemens » Pads Viewer » Plus Edition
cpe:2.3:a:siemens:pads_viewer:*:*:*:*:plus:*:*:*
Matching versions
Siemens » Pads Viewer » Standard Edition
cpe:2.3:a:siemens:pads_viewer:*:*:*:*:standard:*:*:*
Matching versions