As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 7.3
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: Solid Edge SE2024, Solid Edge SE2025
- Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Siemens Solid Edge SE2024: All versions prior to V224.0 Update 12
- Siemens Solid Edge SE2025: All versions prior to V225.0 Update 3
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process.
CVE-2024-54091 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: