PT-2024-3671 · Siemens · Siemens Solid Edge

Michael Heinzl

Published

2024-05-14

Updated

2024-05-14

CVE-2024-34773

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Siemens Solid Edge versions prior to V224.0 Update 2

Description The issue is related to a stack overflow vulnerability in the parsing of specially crafted PAR files. This could allow an attacker to execute arbitrary code in the context of the current process. The vulnerability is exploited through specially crafted PAR files.

Recommendations For versions prior to V224.0 Update 2, update to V224.0 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted PAR files until a patch is applied. Avoid using untrusted PAR files in the affected application to minimize the risk of exploitation.

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2024-04013

CVE-2024-34773

Affected Products

Siemens Solid Edge

PT-2024-3671 · Siemens · Siemens Solid Edge

CVE-2024-34773

Weakness Enumeration

Related Identifiers

Affected Products

References · 5