CVE-2024-54095

Published: Dec 10, 2024Modified: Mar 4, 2025

7.3

Vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: productcert@siemens.com (Secondary)

Description

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Affected (11)

Products: Siemens: Solid Edge Se2024

Siemens

1 product

Solid Edge Se2024

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Siemens Solid Edge Se2024	Before 224.0
Siemens Solid Edge Se2024	Version 224.0
Siemens Solid Edge Se2024	Version 224.0 update_0001
Siemens Solid Edge Se2024	Version 224.0 update_0002
Siemens Solid Edge Se2024	Version 224.0 update_0003
Siemens Solid Edge Se2024	Version 224.0 update_0004
Siemens Solid Edge Se2024	Version 224.0 update_0005
Siemens Solid Edge Se2024	Version 224.0 update_0006
Siemens Solid Edge Se2024	Version 224.0 update_0007
Siemens Solid Edge Se2024	Version 224.0 update_0008
Siemens Solid Edge Se2024	Version 224.0 update_0009

Related CWEs

CWE-191

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-730188.html

Source: productcert@siemens.com

Vendor Advisory

Timeline

No history available yet.