Integer Underflow Vulnerability in Solid Edge SE2024 Could Allow Code Execution

CVE-2024-54095

7.8HIGH

Key Information

Vendor: Siemens
Status: Solid Edge Se2024
Vendor: CVE Published:; 10 December 2024

Summary

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Affected Version(s)

Solid Edge SE2024 < 0

Refferences

https://cert-portal.siemens.com/productcert/html/ssa-7301...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 28, 2024

Collectors

NVD DatabaseMitre Database