Integer Underflow Vulnerability in Solid Edge SE2024 Could Allow Code Execution
CVE-2024-54095

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2024
Vendor: CVE Published:; 10 December 2024

What is CVE-2024-54095?

A vulnerability exists in Solid Edge SE2024 affecting all versions prior to V224.0 Update 10. This vulnerability is an integer underflow that can be exploited by attackers through specially crafted PAR files. When the application parses these files, it may enable the execution of arbitrary code within the context of the current process, posing significant risks to system integrity and user data.

Affected Version(s)

Solid Edge SE2024 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7301...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2024
Vulnerability Reserved
Nov 28, 2024

Siemens

What is CVE-2024-54095?

Affected Version(s)

References

CVSS V3.1

Timeline