Vulnerability Details : CVE-2022-34278

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043)

Vulnerability category: Execute code

Published 2022-07-12 10:15:11

Updated 2022-07-15 18:54:24

Source Siemens AG

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-34278

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 18 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-34278

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-34278

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.
Assigned by:
- [email protected] (Primary)
- [email protected] (Secondary)

References for CVE-2022-34278

https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-34278

Siemens » Pads Viewer » Plus Edition
cpe:2.3:a:siemens:pads_viewer:*:*:*:*:plus:*:*:*
Matching versions
Siemens » Pads Viewer » Standard Edition
cpe:2.3:a:siemens:pads_viewer:*:*:*:*:standard:*:*:*
Matching versions