Parasolid Vulnerability Could Allow Execution of Code in Context of Current Process
CVE-2024-54091

7.8HIGH

Key Information:

Vendor: Siemens
Status: Parasolid V36.1; Parasolid V37.0
Vendor: CVE Published:; 10 December 2024

Summary

A critical vulnerability has been identified in the Parasolid software, specifically affecting versions of Parasolid V36.1 prior to V36.1.225 and V37.0 prior to V37.0.173. This flaw manifests as an out of bounds write past the end of an allocated buffer when processing X_T data or handling specially crafted files in X_T format. Exploitation of this vulnerability could enable an attacker to execute arbitrary code within the context of the currently running process, posing significant security risks to users.

Affected Version(s)

Parasolid V36.1 0

Parasolid V37.0 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9790...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 28, 2024