Parasolid Vulnerability Could Allow Execution of Code in Context of Current Process
CVE-2024-54091

7.3 HIGH

Key Information:

Vendor: Siemens
CVE Published: 10 December 2024

Summary

A high-severity vulnerability has been identified in Parasolid, affecting Parasolid V36.1 versions prior to V36.1.225 and V37.0 versions prior to V37.0.173. The flaw is an out-of-bounds write past the end of an allocated buffer that occurs when processing X_T data or parsing specially crafted files in X_T format. Successful exploitation could allow an attacker to execute arbitrary code in the context of the current process.

Affected Version(s)

Solid Edge SE2024 0

Solid Edge SE2025 0

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
