CVE-2023-24555

HIGH

Solid Edge <V222.0MP12, <V223.0Update2 - Code Injection

Title source: llm

Description

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

References (1)

Core 1

Core References

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (12)

siemens/solid_edge_se2022

siemens/solid_edge_se2022 maintenance_pack_1

siemens/solid_edge_se2022 maintenance_pack_2

siemens/solid_edge_se2022 maintenance_pack_3

siemens/solid_edge_se2022 maintenance_pack_4

siemens/solid_edge_se2022 maintenance_pack_5

siemens/solid_edge_se2022 maintenance_pack_7

siemens/solid_edge_se2022 maintenance_pack_8

siemens/solid_edge_se2022 maintenance_pack_9

siemens/solid_edge_se2022 maintenance_pack_10

... and 2 more

Published Feb 14, 2023

Tracked Since Feb 18, 2026