CVE-2024-54091

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.
This could allow an attacker to execute code in the context of the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemensCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
siemensparasolid
36.1 ≤
𝑥
< 36.1.225
siemensparasolid
37.0 ≤
𝑥
< 37.0.173
siemenssolid_edge_se2024
-
siemenssolid_edge_se2024
224.0
siemenssolid_edge_se2024
224.0:update_0001
siemenssolid_edge_se2024
224.0:update_00010
siemenssolid_edge_se2024
224.0:update_00011
siemenssolid_edge_se2024
224.0:update_0002
siemenssolid_edge_se2024
224.0:update_0003
siemenssolid_edge_se2024
224.0:update_0004
siemenssolid_edge_se2024
224.0:update_0005
siemenssolid_edge_se2024
224.0:update_0006
siemenssolid_edge_se2024
224.0:update_0007
siemenssolid_edge_se2024
224.0:update_0008
siemenssolid_edge_se2024
224.0:update_0009
siemenssolid_edge_se2025
-
siemenssolid_edge_se2025
225.0
siemenssolid_edge_se2025
225.0:update_0001
siemenssolid_edge_se2025
225.0:update_0002
siemenssolid_edge_se2025
225.0:update_0003
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-672923.html
https://cert-portal.siemens.com/productcert/html/ssa-979056.html