CVE-2023-24581

Name of the Vulnerable Software and Affected Versions Solid Edge SE2022 versions prior to V222.0MP12 Solid Edge SE2023 versions prior to V223.0Update2

Description A use-after-free issue has been identified in the affected application, which can be triggered while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. The vulnerability can be exploited using specially crafted files, potentially leading to remote code execution.

Recommendations For Solid Edge SE2022 versions prior to V222.0MP12, update to version V222.0MP12 or later. For Solid Edge SE2023 versions prior to V223.0Update2, update to version V223.0Update2 or later. As a temporary workaround, consider avoiding the use of specially crafted STP files until a patch is available. Restrict access to untrusted files to minimize the risk of exploitation.