CVE-2024-54095

HIGH

Solid Edge SE2024 <V224.0 Update 10 - Code Injection

Title source: llm

Description

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-730188.html

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 32.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-191

Status published

Products (2)

siemens/solid_edge_se2024 224.0 (10 CPE variants)

siemens/solid_edge_se2024 < 224.0

Published Dec 10, 2024

Tracked Since Feb 18, 2026