Out of Bounds Write Vulnerability in Solid Edge
CVSS score: 7.8 · Siemens advisory: SSA-672923 · Published: Apr 8, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Solid Edge SE2024 and SE2025 contain an out-of-bounds write vulnerability (CWE-787) in the code that parses Parasolid X_T transmit files. Opening a specially crafted X_T file lets an attacker execute arbitrary code in the context of the application, with the privileges of the user who opened the file. Siemens has released fixes: V224.0 Update 12 for SE2024 and V225.0 Update 3 for SE2025.
What this means
What could happen
An attacker who gets an engineer to open a crafted X_T file gains code execution on that workstation with the engineer's privileges. If the workstation can reach the production network, the attacker could then read or tamper with design files and control system configurations from that foothold.
Who's at risk
Design engineers and CAD operators who use Solid Edge SE2024 or SE2025 to create and modify equipment designs, control schematics, or automation drawings. Any organization where engineering workstations have network access to production systems or sensitive OT data.
How it could be exploited
An attacker creates a malicious X_T file (the Parasolid transmit format that Solid Edge imports) and tricks an engineer into opening it. While parsing the crafted file, the application writes outside the bounds of a buffer it allocated, corrupting adjacent memory. The attacker shapes that corruption to hijack control flow and run code of their choosing with the privileges of the engineer's user account.
Prerequisites
- User must open a malicious X_T file attachment or download
- Engineer must be using a vulnerable version of Solid Edge SE2024 or SE2025
Risk factors
- Low attack complexity
- User interaction required (file open)
- High impact if an engineering workstation is compromised
- Potential supply chain risk if malicious files are shared in design collaboration
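The following added example is not code from Siemens or from Solid Edge, and it does not reproduce the real X_T grammar or the product's parser. It illustrates the CWE-787 pattern described above with a toy count-prefixed point list: the vulnerable parser trusts the point count declared in the file and writes past a fixed-size array, while the hardened parser validates the count against the array's capacity before the first write and rejects truncated input. The record format, the function names and the capacity of 16 points are assumptions made for illustration; the sample files are constructed inline.

```c
#include <stdio.h>
#include <string.h>

#define MAX_POINTS 16   /* assumed fixed capacity of the in-memory structure */

typedef struct { double x, y, z; } point_t;

typedef struct {
    point_t pts[MAX_POINTS];   /* fixed-size array the parser fills */
    size_t  n;                 /* number of points actually stored  */
} mesh_t;

enum { PARSE_OK = 0, PARSE_BAD_HEADER = -1, PARSE_BAD_POINT = -2, PARSE_TOO_MANY = -3 };

/* Return the text after the next newline, or NULL if there is none. */
static const char *next_line(const char *p) {
    p = strchr(p, '\n');
    return p ? p + 1 : NULL;
}

/* Vulnerable form: the loop bound is the count the file declares, so a file
 * declaring more than MAX_POINTS points makes pts[i] an out-of-bounds write. */
int parse_points_vulnerable(const char *text, mesh_t *m) {
    int declared;
    if (sscanf(text, "POINTS %d", &declared) != 1) return PARSE_BAD_HEADER;
    const char *p = next_line(text);
    m->n = 0;
    for (int i = 0; p && i < declared; i++) {
        double x, y, z;
        if (sscanf(p, "%lf %lf %lf", &x, &y, &z) != 3) return PARSE_BAD_POINT;
        m->pts[i].x = x;   /* CWE-787 when i >= MAX_POINTS */
        m->pts[i].y = y;
        m->pts[i].z = z;
        m->n++;
        p = next_line(p);
    }
    return PARSE_OK;       /* also silently accepts a truncated file */
}

/* Hardened form: the untrusted count is checked against the real capacity
 * before any write, and every index used is derived from the stored count. */
int parse_points_hardened(const char *text, mesh_t *m) {
    int declared;
    if (sscanf(text, "POINTS %d", &declared) != 1) return PARSE_BAD_HEADER;
    if (declared < 0 || declared > MAX_POINTS) return PARSE_TOO_MANY;
    const char *p = next_line(text);
    m->n = 0;
    for (int i = 0; i < declared; i++) {
        double x, y, z;
        if (!p || sscanf(p, "%lf %lf %lf", &x, &y, &z) != 3) return PARSE_BAD_POINT;
        m->pts[m->n++] = (point_t){ x, y, z };   /* m->n < MAX_POINTS is guaranteed here */
        p = next_line(p);
    }
    return PARSE_OK;
}

/* Constructed benign sample in the toy format (not real X_T syntax). */
static const char BENIGN[] = "POINTS 3\n0 0 0\n1 0 0\n0 1 0\n";

/* Build a crafted file that declares `count` points, each "1 1 1". Returns 0 on success. */
int build_crafted(char *out, size_t cap, int count) {
    int len = snprintf(out, cap, "POINTS %d\n", count);
    if (len < 0 || (size_t)len >= cap) return -1;
    for (int i = 0; i < count; i++) {
        int w = snprintf(out + len, cap - (size_t)len, "1 1 1\n");
        if (w < 0 || (size_t)w >= cap - (size_t)len) return -1;
        len += w;
    }
    return 0;
}

int main(void) {
    mesh_t m;
    char crafted[2048];
    int rc = parse_points_hardened(BENIGN, &m);
    printf("benign file: rc=%d, %zu points stored\n", rc, m.n);
    if (build_crafted(crafted, sizeof crafted, 64) == 0) {
        rc = parse_points_hardened(crafted, &m);
        printf("crafted file (declares 64, capacity %d): rc=%d\n", MAX_POINTS, rc);
        /* parse_points_vulnerable(crafted, &m) would store 48 extra points,
         * 48 * sizeof(point_t) bytes past the end of m.pts (undefined behaviour). */
    }
    return 0;
}
```

The fix that matters is the single comparison of the declared count against the capacity; the rest of the hardened parser only makes sure no later change can reintroduce an index that is not bounded by it.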
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected versions | Fixed in
Solid Edge SE2024 | All versions < V224.0 Update 12 | V224.0 Update 12
Solid Edge SE2025 | All versions < V225.0 Update 3 | V225.0 Update 3
Remediation & Mitigation
Do now
WORKAROUND: Filter inbound email for X_T attachments (.x_t, .xmt_txt) from external senders and block or warn on them. Match on file content as well as extension, since a file renamed to another extension passes an extension-only filter.
HARDENING: Educate engineering staff not to open design files from untrusted sources.
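As an added example that is not part of the advisory, the check below classifies an inbound attachment by both file name and content, so an X_T file renamed to a harmless extension is still flagged. It assumes the Parasolid transmit-file preamble (a first line starting with `**ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz**` and a second line starting with `**PARASOLID`) and the usual .x_t/.xmt_txt (text) and .x_b/.xmt_bin (binary) extensions; verify both against files from your own environment before deploying. The function names, policy values and sample buffers are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed Parasolid transmit-file preamble: verify against your own samples. */
static const char XT_LINE1_PREFIX[] = "**ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz**";
static const char XT_LINE2_PREFIX[] = "**PARASOLID";

enum { ATTACH_ALLOW = 0, ATTACH_FLAG_EXTENSION = 1, ATTACH_FLAG_CONTENT = 2 };

/* Case-insensitive "does s end with suffix" without relying on non-ISO helpers. */
static int ends_with_nocase(const char *s, const char *suffix) {
    size_t ls = strlen(s), lx = strlen(suffix);
    if (lx > ls) return 0;
    s += ls - lx;
    for (; *suffix; s++, suffix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*suffix)) return 0;
    return 1;
}

/* True if the file name carries a Parasolid transmit extension (text or binary). */
int has_parasolid_extension(const char *name) {
    static const char *const exts[] = { ".x_t", ".xmt_txt", ".x_b", ".xmt_bin" };
    for (size_t i = 0; i < sizeof exts / sizeof exts[0]; i++)
        if (ends_with_nocase(name, exts[i])) return 1;
    return 0;
}

/* True if the first two lines of the content carry the assumed preamble. */
int has_parasolid_header(const unsigned char *buf, size_t len) {
    size_t l1 = sizeof XT_LINE1_PREFIX - 1, l2 = sizeof XT_LINE2_PREFIX - 1;
    if (len < l1 || memcmp(buf, XT_LINE1_PREFIX, l1) != 0) return 0;
    const unsigned char *nl = memchr(buf, '\n', len);
    if (!nl) return 0;
    const unsigned char *line2 = nl + 1;
    size_t rem = len - (size_t)(line2 - buf);
    return rem >= l2 && memcmp(line2, XT_LINE2_PREFIX, l2) == 0;
}

/* Policy: flag on extension first, then on content regardless of extension,
 * which catches a file renamed to slip past an extension-only filter. */
int classify_attachment(const char *name, const unsigned char *buf, size_t len) {
    if (has_parasolid_extension(name)) return ATTACH_FLAG_EXTENSION;
    if (has_parasolid_header(buf, len)) return ATTACH_FLAG_CONTENT;
    return ATTACH_ALLOW;
}

/* Constructed sample contents: the preamble only, not a complete model. */
static const unsigned char SAMPLE_XT[] =
    "**ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz**************************\n"
    "**PARASOLID !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~0123456789**************************\n"
    "**PART1;\n";
static const unsigned char SAMPLE_TXT[] = "Meeting notes for the bracket redesign.\n";

int main(void) {
    printf("bracket.x_t          -> %d\n", classify_attachment("bracket.x_t", SAMPLE_TXT, sizeof SAMPLE_TXT - 1));
    printf("notes.txt (X_T body) -> %d\n", classify_attachment("notes.txt", SAMPLE_XT, sizeof SAMPLE_XT - 1));
    printf("notes.txt (text)     -> %d\n", classify_attachment("notes.txt", SAMPLE_TXT, sizeof SAMPLE_TXT - 1));
    return 0;
}
```

Whether a flagged attachment is blocked or only annotated with a warning is a policy decision for the mail gateway; X_T files are routinely exchanged in design collaboration, so a warning plus a sender allow-list is often the more workable setting.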
Schedule — requires maintenance window
Patching may require a workstation reboot; plan for interruption of engineering work.
Solid Edge SE2024
HOTFIX: Update Solid Edge SE2024 to V224.0 Update 12 or later.
Solid Edge SE2025
HOTFIX: Update Solid Edge SE2025 to V225.0 Update 3 or later.
CVEs (1)
API:
/api/v1/advisories/96d80af7-906c-48a7-b21d-266df970c3dc