Siemens Solid Edge
Summary
Siemens Solid Edge is vulnerable to an out-of-bounds read issue in the PS/IGES Parasolid Translator Component when processing IGS files. Exploitation could lead to application crashes or arbitrary code execution if a user opens a malicious file. Siemens has released an update (V226.00 Update 03 or later) to address this vulnerability.
IFF Assessment
An unpatched vulnerability in widely used software creates risk for defenders.
Severity
Defender Context
This vulnerability highlights the ongoing risks associated with file parsing and the importance of promptly applying vendor patches. Defenders should ensure that Siemens Solid Edge is updated to the latest version (V226.00 Update 03 or later) across their organization. Monitoring for suspicious file access patterns or application crashes related to IGS files may also provide early warning of exploitation attempts.
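To check the "V226.00 Update 03 or later" requirement across a fleet, the following added example (not code from Siemens or from this advisory) classifies version strings from a software inventory. It assumes versions are reported in the form used in the advisory text; the hostnames and inventory values are constructed, and unrecognised strings are flagged for manual review instead of being guessed.

```python
import re

# Fixed release named in the advisory text: V226.00 Update 03.
FIXED = (226, 0, 3)

# Assumed string form, modelled on the advisory's wording ("V226.00 Update 03").
_VERSION_RE = re.compile(
    r"^\s*V?(\d+)\.(\d+)(?:\s+Update\s+(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return (major, minor, update), or None if the string is not recognised."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, update = m.groups()
    # Assumption: a release string with no "Update NN" suffix is update 0.
    return (int(major), int(minor), int(update or 0))

def classify(text):
    """'patched', 'needs_update', or 'unknown' (unparseable, review by hand)."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Numeric tuple comparison, so "Update 10" sorts after "Update 03".
    return "patched" if version >= FIXED else "needs_update"

def audit(inventory):
    """Map each status to the sorted list of hosts in that state."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "cad-ws-01": "V226.00 Update 03",
    "cad-ws-02": "V226.00 Update 02",
    "cad-ws-03": "v226.00 update 10",
    "cad-ws-04": "V225.00 Update 11",
    "cad-ws-05": "V226.00",
    "cad-ws-06": "226.0.3.1 (build)",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:12s} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked manually, since an unparsed version string says nothing about patch level.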