CVE-2024-54091 HIGH

CVE-2024-54091

Vendor Siemens

Product Solid Edge SE2024

Weakness CWE-787

Published December 10, 2024

Last update April 8, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process.

Key dates

02Disclosure timeline

December 10, 2024 CVE published

April 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-54091 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2024-54091

CWE CWE-787

CVSS 7.8 / HIGH

Affected versions

Vendor Siemens

Product Solid Edge SE2024

Affected < V224.0 Update 12

Vendor Siemens

Product Solid Edge SE2025

Affected < V225.0 Update 3

CVE-2024-54091

01Description

02Disclosure timeline

03References

04Related CVE