Siemens Software Center and Solid Edge
Plan Patch · 7.8 · ICS-CERT ICSA-25-317-17 · Nov 11, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Siemens Software Center and Solid Edge contain a DLL hijacking vulnerability (CWE-427) that allows an attacker with local file system access to execute arbitrary code by placing a crafted DLL file in the application's library directories. When the application is launched, it loads the malicious DLL instead of the legitimate one, running with the application's privileges. This vulnerability is not remotely exploitable and requires local access and user interaction. Siemens has released patched versions: Software Center 3.5 and Solid Edge SE2025 V225.0 Update 10.
What this means
What could happen
An attacker with local access to a machine running Siemens Software Center or Solid Edge could place a malicious DLL file to execute arbitrary code with the privileges of the application, potentially gaining full control of the engineering workstation.
Who's at risk
Engineering teams and design departments using Siemens Software Center or Solid Edge CAD software for product design and manufacturing planning. This affects any organization that uses these tools on shared workstations or systems accessible to multiple users.
How it could be exploited
An attacker must have local file system write access to the directory where Software Center or Solid Edge loads DLL files. When the application starts, it loads the crafted DLL instead of the legitimate one, executing the attacker's code with the application's privileges.
Prerequisites
- Local file system access to the machine running Siemens Software Center or Solid Edge
- User interaction required: the vulnerable application must be launched after the malicious DLL is placed
- Write permissions to application library directories
- local code execution possible
- low attack complexity
- requires user interaction
- affects engineering workstations with access to design and production data
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Software Center | < 3.5 | 3.5 |
| Solid Edge SE2025 | < V225.0 Update 10 | 225.0 Update 10 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Software Center
- HOTFIX: Update Siemens Software Center to version 3.5 or later
Solid Edge SE2025
- HOTFIX: Update Solid Edge SE2025 to version 225.0 Update 10 or later
Long-term hardening
- HARDENING: Restrict local file system access and user permissions on engineering workstations to limit ability to write to application directories
- HARDENING: Enforce application whitelisting or code signing verification on engineering workstations to prevent unauthorized DLL loading
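One way to check the directory-permission hardening item on a Windows engineering workstation, as an added example that is not part of the advisory or of any Siemens tooling: the script reports every principal outside a trusted set that can create or replace files in the given directories. The directory paths are supplied by the operator (the advisory does not name install paths), and the trusted SID list is an assumption to adjust per site.

```powershell
# Added example: report non-administrative write access to application directories.
# -Path values are supplied by the operator; the advisory does not list install paths.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$Path
)

# Rights that let a principal create or replace a file in a directory, plus the
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits Get-Acl can show raw.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor
             0x10000000 -bor 0x40000000

# Principals expected to hold write access (assumed baseline; compared by SID so
# the check also works on localized Windows installations).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Each root directory plus every subdirectory beneath it.
$dirs = foreach ($root in $Path) {
    Get-Item -LiteralPath $root
    Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue
}

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value  # unresolvable account: report as-is
        }
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Directory = $dir.FullName
            Principal = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Sort-Object Directory, Principal | Format-Table -AutoSize
if ($findings) { exit 1 }  # non-zero exit lets a scheduled compliance job flag the host
```

An empty result means only the trusted principals can write to the checked directories; any row listing a standard-user group such as `BUILTIN\Users` or `Authenticated Users` is a directory where the restriction above is not yet in place.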
CVEs (1)