Vulnerability in Solid Edge SE2024 Could Allow Execution of Code
CVE-2024-47941

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2024
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability has been found in Solid Edge SE2024 that involves an out of bounds read beyond the limits of a designated structure during the processing of specially crafted PAR files. This flaw could potentially allow malicious actors to execute arbitrary code within the context of the affected application. The implications of this vulnerability underline significant security risks for users relying on this engineering software, as it may compromise the integrity and confidentiality of sensitive data.

Affected Version(s)

Solid Edge SE2024 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3511...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Oct 7, 2024