Description
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25717.
Published: 2026-04-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The flaw lies in Proteus' handling of PDSPRJ project files. Because user-supplied data in the file is not properly validated, a crafted file can trigger a type confusion condition in which the program treats data as a different type than it actually is. An attacker can use this to execute arbitrary code in the context of the Proteus process. The vulnerability is exploitable only when the user opens or otherwise processes a malicious PDSPRJ file.

Affected Systems

All versions of Labcenter Electronics Proteus that parse PDSPRJ files are affected. No specific release range is provided, so every publicly available version that supports this file format should be regarded as vulnerable until a vendor update is issued.

Risk and Exploitability

The CVSS score of 7.8 denotes high severity. The attack requires user interaction, i.e., the victim must open a malicious PDSPRJ file or visit a page that triggers parsing. EPSS data is not provided, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, the combination of high severity and the need for user cooperation means that environments where users routinely import third‑party project files are at risk of arbitrary code execution.

Generated by OpenCVE AI on April 11, 2026 at 03:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor's security patch for Proteus as soon as it becomes available.
  • Do not open or import PDSPRJ files from untrusted or unknown sources until a patch is applied.
  • Limit standard users' ability to run Proteus by assigning administrative approval or restricting executable permissions.
  • Monitor official Labcenter Electronics advisory channels for updates and validate that the patch resolves the issue.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Labcenter; Labcenter proteus |
| CPEs | | `cpe:2.3:a:labcenter:proteus:8.17:sp5:*:*:*:*:*:*` |
| Vendors & Products | | Labcenter; Labcenter proteus |

Mon, 13 Apr 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Mon, 13 Apr 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Labcenter Electronics; Labcenter Electronics proteus |
| Vendors & Products | | Labcenter Electronics; Labcenter Electronics proteus |

Sat, 11 Apr 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25717. |
| Title | | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability |
| Weaknesses | | CWE-843 |
| References | | |
| Metrics | | cvssV3_0: `{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-13T18:25:22.216Z

Reserved: 2026-04-03T14:34:56.642Z

Link: CVE-2026-5496

Vulnrichment

Updated: 2026-04-13T18:25:17.919Z

NVD

Status: Analyzed

Published: 2026-04-11T01:16:18.830

Modified: 2026-04-27T17:48:20.870

Link: CVE-2026-5496

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:57:12Z

Weaknesses