ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | allinfosecnews.com

May 17, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-32061.

arbitrary code attackers code code execution cvss exploit file malicious out-of-bounds page parsing rating remote code remote code execution siemens target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-778: Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com

attackers authentication cvss escalation +14

ZDI-24-777: Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com

attackers authentication configuration cvss +18

ZDI-24-776: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability 3 days, 18 hours ago | www.zerodayinitiative.com

attacker attackers code controller +24

ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability 4 days, 18 hours ago | www.zerodayinitiative.com

0day advanced attacker attackers +21

ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability 4 days, 18 hours ago | www.zerodayinitiative.com

0day attackers bypass bypass vulnerability +19

ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability 4 days, 18 hours ago | www.zerodayinitiative.com

0day attackers authentication bypass +14

ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability 4 days, 18 hours ago | www.zerodayinitiative.com

0day attackers authentication bypass +16

ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution … 4 days, 18 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +22

ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability 4 days, 18 hours ago | www.zerodayinitiative.com

0day attackers authentication cve +13

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Manager Pentest H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com

Information System Security Officer

@ Parsons Corporation | USA VA Chantilly (Client Site)

View on infosec-jobs.com

Vulnerability Analyst, Mid

@ Booz Allen Hamilton | USA, VA, McLean (8283 Greensboro Dr, Hamilton)

View on infosec-jobs.com

SAP Security and Compliance Auditor

@ Bosch Group | Warszawa, Poland

View on infosec-jobs.com

Head of Product Security (Business team)

@ Zalando | Berlin

View on infosec-jobs.com