DLL Hijacking Vulnerability in Siemens Software Center and Solid Edge
Plan Patch | CVSS 7.8 | SSA-365596 | Nov 11, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Siemens Software Center and Solid Edge are affected by a DLL hijacking vulnerability (CWE-427) that allows an attacker with local access to execute arbitrary code by placing a crafted DLL file on the system. The malicious DLL is loaded automatically when the application starts, executing with the privileges of the logged-in user. Siemens has released patches for both products.
What this means
What could happen
An attacker with local access to a workstation could place a malicious DLL file that gets loaded by Software Center or Solid Edge, allowing the attacker to run arbitrary code with the privileges of the logged-in user. This could lead to unauthorized modifications to CAD designs, theft of intellectual property, or further compromise of the engineering workstation.
Who's at risk
Engineering and design organizations using Siemens Software Center for software distribution and asset management, and mechanical engineers using Solid Edge CAD software. This affects manufacturing, automotive, industrial equipment design, and utilities with engineering teams that rely on Siemens design tools on Windows workstations.
How it could be exploited
An attacker with local access to the system drops a crafted DLL into a directory that Software Center or Solid Edge searches during startup. When the application launches, it automatically loads the malicious DLL instead of the legitimate library, executing the attacker's code with user privileges. This typically requires the attacker to have write access to the application directory or a commonly searched system path.
Prerequisites
- Local access to the workstation
- User privilege to write files to the Software Center or Solid Edge installation directory or shared library paths
- Ability to persuade a user to launch the affected application, or the application auto-starts on login
Local access required | User interaction required | Affects engineering workstations | High CVSS score (7.8)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Software Center | < 3.5 | 3.5 |
| Solid Edge SE2025 | All versions < V225.0 Update 10 | 225.0 Update 10 |
Remediation & Mitigation
Do now
HARDENING: Restrict write permissions on application installation directories and system library paths to prevent unauthorized DLL placement
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Software Center
HOTFIX: Update Siemens Software Center to version 3.5 or later
All products
HOTFIX: Update Solid Edge to version 225.0 Update 10 or later
Long-term hardening
HARDENING: Audit user account privileges and remove unnecessary administrative access on engineering workstations
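One way to check the "Restrict write permissions" item above, as an added example that is not part of the Siemens advisory: a PowerShell audit that lists ACL entries granting write access to principals outside a trusted set. The two directory paths are placeholders because the page gives no installation paths, and the trusted-SID list and the function name Get-WritableAce are assumptions to adapt.

```powershell
# Added example, not Siemens code: list ACL entries that let a non-administrative
# principal create or modify files in a directory tree.
# ASSUMPTION: both paths are placeholders; substitute the real Software Center
# and Solid Edge installation directories from your own workstations.
$TargetDirs = @('C:\Path\To\SoftwareCenter', 'C:\Path\To\SolidEdge')

# Principals expected to hold write access (an assumption to adapt), matched by
# SID so the check does not depend on the OS display language.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow planting or replacing a file: WriteData/CreateFiles (0x2),
# AppendData/CreateDirectories (0x4), WriteDacl (0x40000), TakeOwnership (0x80000),
# and the raw GENERIC_WRITE (0x40000000) / GENERIC_ALL (0x10000000) bits.
$WriteBits = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([Parameter(Mandatory)][string]$Path)
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to this directory itself.
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        [pscustomobject]@{
            Directory = $Path
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

foreach ($root in $TargetDirs) {
    if (-not (Test-Path -LiteralPath $root -PathType Container)) {
        Write-Warning "Skipping missing directory: $root"
        continue
    }
    # Check the root and every subdirectory, since libraries may load from either.
    $dirs = @($root) + @(Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)
    $dirs | ForEach-Object { Get-WritableAce -Path $_ }
}
```

Any row returned is a directory where a principal outside the trusted list can create or change files; entries with Inherited set to True need to be fixed on the parent directory rather than on the folder itself.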
CVEs (1)