all InfoSec news
SSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer
Siemens ProductCERT Security Advisories cert-portal.siemens.com
A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control. This could allow an attacker to misuse the vulnerability, and potentially escalate privileges.
Only systems where Parasolid is installed with a Parasolid installer is impacted. Siemens recommends to uninstall impacted Parasolid instances and reinstall with the latest installer available.
access access control control cve directory install installer privileges software ssa system systems vulnerability