CVE-2024-54094
10.12.2024, 14:30
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.Enginsight
| Vendor | Product | Version |
|---|---|---|
| siemens | solid_edge_se2024 | 𝑥 < 224.0 |
| siemens | solid_edge_se2024 | 224.0 |
| siemens | solid_edge_se2024 | 224.0:update_0001 |
| siemens | solid_edge_se2024 | 224.0:update_0002 |
| siemens | solid_edge_se2024 | 224.0:update_0003 |
| siemens | solid_edge_se2024 | 224.0:update_0004 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.