SSA-818688 — Vulnetix

SSA-818688 PUBLISHED CVSS 5.599999904632568 MEDIUM

Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files. If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution and data extraction on the target host system. Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.

Risk Scores

CVSS v3.1

5.599999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	Solid Edge SE2021

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-818688.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-818688.json advisory

Open in Interactive Console →