OTPulse
FeedAboutContact

Out of Bounds Read in PS/IGES Parasolid Translator Component in Solid Edge

Plan Patch7.8SSA-445819Feb 10, 2026
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Solid Edge contains an out-of-bounds read vulnerability in the PS/IGES Parasolid Translator Component. When a user opens a malicious IGES (.IGS) file, the vulnerability can be triggered, causing the application to crash or potentially allowing arbitrary code execution. Siemens has released a fix in version 226.00 Update 03.

What this means
What could happen
Opening a malicious IGS file in Solid Edge could crash the application or allow an attacker to execute arbitrary code on the engineering workstation, potentially compromising design data or the workstation itself.
Who's at risk
Engineering teams using Solid Edge for CAD design work, particularly those who receive IGES files from external suppliers or collaborators. This affects design workstations running vulnerable versions of Solid Edge and could impact the availability and integrity of design data.
How it could be exploited
An attacker crafts a malicious IGES (.IGS) file and tricks an engineer into opening it with Solid Edge. The file triggers an out-of-bounds read in the PS/IGES Parasolid Translator Component, causing either a denial of service (crash) or potential arbitrary code execution with the privileges of the user running Solid Edge.
Prerequisites
  • User must open a malicious .IGS file
  • Vulnerable version of Solid Edge must be installed
  • File must be opened by a user with access to Solid Edge
User interaction required (file must be opened)affects engineering workstationspotential arbitrary code executionno authentication required
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Solid EdgeAll versions < V226.00 Update 03226.00 Update 03
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge to version 226.00 Update 03 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f2ea93c5-712f-43e3-8f59-42750894501c