CVE-2024-54091 — Out-of-bounds Write in Siemens Solid Edge Se2024

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 70.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Solid Edge Se2024 Siemens Solid Edge Se2025 Siemens Parasolid

Timeline

PublishedDec 10

Description

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages5 packages

▶CVEListV5siemens/solid_edge_se2024< V224.0 Update 12

▶CVEListV5siemens/solid_edge_se2025< V225.0 Update 3

▶NVDsiemens/solid_edge_se2024224.0

▶NVDsiemens/solid_edge_se2025225.0

▶NVDsiemens/parasolid36.1 — 36.1.225+1

🔴Vulnerability Details

GHSA

GHSA-h9pg-36c2-7xw9: A vulnerability has been identified in Parasolid V36↗2024-12-10

▶

CVEList

CVE-2024-54091: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224↗2024-12-10

▶