{"id":37613,"date":"2025-05-12T22:25:27","date_gmt":"2025-05-12T22:25:27","guid":{"rendered":""},"modified":"2025-05-18T11:01:46","modified_gmt":"2025-05-18T11:01:46","slug":"cve-2023-49130-uninitialized-pointer-access-vulnerability-in-solid-edge-se2023","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2023-49130-uninitialized-pointer-access-vulnerability-in-solid-edge-se2023\/","title":{"rendered":"<strong>CVE-2023-49130: Uninitialized Pointer Access Vulnerability in Solid Edge SE2023<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>A serious vulnerability, identified as CVE-2023-49130, has been discovered in Solid Edge SE2023, a popular 3D CAD software. This vulnerability impacts all versions of the software prior to V223.0 Update 10. The vulnerability pertains to uninitialized <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-1304-unauthorized-file-upload-vulnerability-in-newsblogger-wordpress-theme\/\"  data-wpil-monitor-id=\"42413\">pointer access<\/a> when parsing specially crafted PAR files. An attacker can exploit this weakness to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-37419-critical-arbitrary-code-execution-vulnerability-in-gtkwave-3-3-115\/\"  data-wpil-monitor-id=\"42684\">execute malicious code<\/a> in the context of the current process. 
Given the widespread use of Solid Edge SE2023 in various industries, this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30391-microsoft-dynamics-input-validation-vulnerability-leading-to-unauthorized-information-disclosure\/\"  data-wpil-monitor-id=\"42594\">vulnerability is of significant concern as it could lead<\/a> to potential system compromise or data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2023-49130<br \/>\nSeverity: High (CVSS: 7.8)<br \/>\nAttack Vector: Local<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30165-potential-system-compromise-in-vllm-v0-engine\/\"  data-wpil-monitor-id=\"44047\">System compromise<\/a> or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>
\n<p>Product | Affected Versions<\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49122-critical-heap-based-buffer-overflow-vulnerability-in-solid-edge-se2023\/\"  data-wpil-monitor-id=\"43374\">Solid Edge<\/a> SE2023 | All versions &lt; V223.0 Update 10<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>This exploit takes advantage of an uninitialized pointer reference within the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49121-heap-based-buffer-overflow-vulnerability-in-solid-edge-se2023\/\"  data-wpil-monitor-id=\"43385\">Solid Edge<\/a> SE2023 software when parsing PAR files. An attacker can craft a malicious PAR file that, when processed by the application, triggers the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-36864-integer-overflow-vulnerability-in-gtkwave-3-3-115-with-potential-for-arbitrary-code-execution\/\"  data-wpil-monitor-id=\"42487\">vulnerability and allows the execution of arbitrary code<\/a>. 
This code runs in the context of the current process, enabling the attacker to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4050-heap-corruption-in-google-chrome-devtools-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"43162\">potentially compromise the system<\/a> or leak data.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Here is a conceptual representation of a crafted malicious PAR <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-13418-critical-arbitrary-file-upload-vulnerability-in-multiple-wordpress-plugins-and-themes\/\"  data-wpil-monitor-id=\"42944\">file that could be used to exploit this vulnerability<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\"># Crafted malicious PAR file\n$ echo &#039;malicious_code_here&#039; &gt; exploit.par\n# Use the crafted file with the vulnerable application\n$ solid_edge_se2023 exploit.par<\/code><\/pre>\n<p>This pseudocode example shows how an attacker could inject malicious code into a PAR file, which then gets <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-36915-arbitrary-code-execution-vulnerability-in-gtkwave-3-3-115\/\"  data-wpil-monitor-id=\"42732\">executed when the vulnerable<\/a> application processes the file.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>To mitigate this vulnerability, users are advised to apply the vendor&#8217;s patch by updating to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49126-critical-vulnerability-in-solid-edge-se2023-allows-for-potential-system-compromise\/\"  data-wpil-monitor-id=\"43405\">Solid Edge SE2023<\/a> version V223.0 Update 10 or later. 
As a temporary mitigation, users can also use a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) to detect and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-38657-out-of-bounds-write-vulnerability-in-gtkwave-lxt2-zlib-block-decompression\/\"  data-wpil-monitor-id=\"43161\">block attempts to exploit this vulnerability<\/a>. It&#8217;s important to note that these are only temporary measures and cannot replace the need for applying the vendor&#8217;s patch.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview A serious vulnerability, identified as CVE-2023-49130, has been discovered in Solid Edge SE2023, a popular 3D CAD software. This vulnerability impacts all versions of the software prior to V223.0 Update 10. The vulnerability pertains to uninitialized pointer access when parsing specially crafted PAR files. An attacker can exploit this weakness to execute malicious code [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[82],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-37613","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-microsoft"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/37613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=37613"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/
posts\/37613\/revisions"}],"predecessor-version":[{"id":39421,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/37613\/revisions\/39421"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=37613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=37613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=37613"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=37613"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=37613"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=37613"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=37613"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=37613"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=37613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}