Solid Edge Vulnerability: Out of Bounds Read Could Lead to Code Execution
CVE-2024-33490

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-33490?

A security flaw has been identified in Solid Edge where an out of bounds read occurs past the end of an allocated structure during the parsing of specially crafted PAR files. This vulnerability opens the door for potential code execution within the context of the currently running process, posing a significant risk for affected users. Users of Solid Edge versions prior to V224.0 Update 5 should take prompt action to mitigate this risk, as the exploitation of this vulnerability could lead to unauthorized access and control over affected systems.

Affected Version(s)

Solid Edge 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5899...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 23, 2024

Siemens

What is CVE-2024-33490?

Affected Version(s)

References

CVSS V3.1

Timeline