SSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer

A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control. This could allow an attacker to misuse the vulnerability, and potentially escalate privileges. Only systems where Parasolid is installed with a Parasolid installer is impacted. Siemens recommends to uninstall impacted Parasolid instances and reinstall with the latest installer available.