Siemens Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in Siemens products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-54091
Parasolid: versions earlier than V36.1.225
Parasolid: versions earlier than V37.0.173
CVE-2024-53041, CVE-2024-53042
Tecnomatix Plant Simulation V2302: versions earlier than 2302.0016
Tecnomatix Plant Simulation V2404: versions earlier than 2404.0005
CVE-2024-54093, CVE-2024-54094, CVE-2024-54095
Solid Edge SE2024: versions earlier than V224.0 Update 5
Solid Edge SE2024: versions earlier than V224.0 Update 10
Resolved Vulnerabilities
Out-of-bounds write vulnerability when parsing X_T data or X_T-formatted files (CVE-2024-54091)
Stack-based buffer overflow vulnerability when parsing specially crafted WRL files (CVE-2024-53041)
Out-of-bounds read vulnerability when parsing a specially crafted WRL file (CVE-2024-53042)
Heap-based buffer overflow vulnerability when parsing a specially crafted ASM file (CVE-2024-54093)
Heap-based buffer overflow vulnerability when parsing a specially crafted PAR file (CVE-2024-54094)
Integer underflow vulnerability when parsing specially crafted PAR files (CVE-2024-54095)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-54091
Parasolid V36.1.225 or higher versions
Parasolid V37.0.173 or higher versions
CVE-2024-53041, CVE-2024-53042
Tecnomatix Plant Simulation V2302 2302.0016 or higher versions
Tecnomatix Plant Simulation V2404 2404.0005 or higher versions
CVE-2024-54093, CVE-2024-54094, CVE-2024-54095
Solid Edge SE2024 V224.0 Update 5 or higher versions
Solid Edge SE2024 V224.0 Update 10 or higher versions
References
[1] SSA-979056: Out of Bounds Write Vulnerability in Parasolid
https://cert-portal.siemens.com/productcert/html/ssa-979056.html
[2] SSA-583523: Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation
https://cert-portal.siemens.com/productcert/html/ssa-583523.html
[3] SSA-730188: Multiple File Parsing Vulnerabilities in Solid Edge V2024
https://cert-portal.siemens.com/productcert/html/ssa-730188.html