Integer Underflow Vulnerability in Solid Edge SE2024 Could Allow Code Execution
CVE-2024-54095

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2024
Vendor: CVE Published:; 10 December 2024

Summary

A vulnerability exists in Solid Edge SE2024 affecting all versions prior to V224.0 Update 10. This vulnerability is an integer underflow that can be exploited by attackers through specially crafted PAR files. When the application parses these files, it may enable the execution of arbitrary code within the context of the current process, posing significant risks to system integrity and user data.

Affected Version(s)

Solid Edge SE2024 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7301...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 28, 2024