CVE-2024-33490

Published: May 14, 2024Modified: Mar 7, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Affected (6)

Products: Siemens: Solid Edge Se2024

Siemens

1 product

Solid Edge Se2024

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Siemens Solid Edge Se2024	Before 224.0
Siemens Solid Edge Se2024	Version 224.0
Siemens Solid Edge Se2024	Version 224.0 update_0001
Siemens Solid Edge Se2024	Version 224.0 update_0002
Siemens Solid Edge Se2024	Version 224.0 update_0003
Siemens Solid Edge Se2024	Version 224.0 update_0004

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-589937.html

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-589937.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.