OTPulse

Out of Bounds Read in PS/IGES Parasolid Translator Component Before V29.0.258

Plan Patch | CVSS 7.8 | SSA-241605 | Nov 17, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

The PS/IGES Parasolid Translator Component contains an out-of-bounds read vulnerability that can be triggered when the application parses files in the IGS (IGES) format. A malicious IGS file could cause the application to crash or potentially allow arbitrary code execution if opened by a user. The vulnerability exists in versions before 29.0.258.

What this means
What could happen
An attacker could craft a malicious IGS (IGES) file that causes the Parasolid Translator to crash or potentially execute arbitrary code when a user opens it, disrupting design workflows or compromising systems used for CAD/PLM operations.
Who's at risk
Design engineers, product engineers, and operators using Siemens PLM software (Teamcenter, NX, Solid Edge, or other products that integrate the Parasolid Translator component) who work with IGES/IGS CAD files. This affects manufacturing, automotive, aerospace, and product design sectors.
How it could be exploited
An attacker creates a specially crafted IGS file with malformed data that triggers an out-of-bounds read in the Parasolid Translator. The attacker delivers this file via email or file sharing, and when a design engineer or operator opens it in an affected Siemens application (like Teamcenter, NX, or other CAD/PLM software using the component), the vulnerability is triggered.
Prerequisites
  • User must open a malicious IGS file using an application containing the affected Parasolid Translator component
  • No special privileges required to trigger the vulnerability
User interaction required (social engineering via file delivery) | Local execution only (not remotely exploitable) | High CVSS score (7.8) | Potential for arbitrary code execution
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product: PS/IGES Parasolid Translator Component
Affected Versions: < 29.0.258
Fix Status: 29.0.258
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PS/IGES Parasolid Translator Component to version 29.0.258 or later