Description
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25718.
Published: 2026-04-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The flaw in Labcenter Electronics Proteus allows an attacker to cause an out‑of‑bounds write while parsing a PDSPRJ file. The overflow can be leveraged to execute arbitrary code in the context of the current process, giving the attacker full control of the application and potentially the host system. This vulnerability is a classic buffer overflow (CWE‑787).

Affected Systems

The vulnerability affects all installations of Labcenter Electronics Proteus that use the PDSPRJ file format. No specific version range is listed, implying that any current or previous release employing the same parser may be susceptible until a vendor update is released.

Risk and Exploitability

The CVSS score of 7.8 classifies this as a high‑severity flaw. While the EPSS score is not available, the lack of a public KEV listing suggests moderate exploitation potential. The vulnerability requires user interaction, such as opening a malicious PDSPRJ file or visiting a site that delivers such a file; an attacker must supply crafted data to trigger the overflow.

Generated by OpenCVE AI on April 11, 2026 at 02:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Proteus release from Labcenter Electronics.
  • Verify that the deployed version contains the PDSPRJ parsing fix.
  • Avoid opening PDSPRJ files from untrusted sources until a patch is applied.
  • If a patch is not yet available, use layered controls to block or quarantine PDSPRJ files.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Labcenter, Labcenter proteus |
| CPEs | | cpe:2.3:a:labcenter:proteus:8.17:sp5:*:*:*:*:*:* |
| Vendors & Products | | Labcenter, Labcenter proteus |

Mon, 13 Apr 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Mon, 13 Apr 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Labcenter Electronics, Labcenter Electronics proteus |
| Vendors & Products | | Labcenter Electronics, Labcenter Electronics proteus |

Sat, 11 Apr 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25718. |
| Title | | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_0 {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-13T18:24:57.963Z

Reserved: 2026-04-03T14:34:18.235Z

Link: CVE-2026-5493

Vulnrichment

Updated: 2026-04-13T18:24:53.691Z

NVD

Status: Analyzed

Published: 2026-04-11T01:16:18.427

Modified: 2026-04-27T17:48:05.910

Link: CVE-2026-5493

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:57:11Z
