SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7

Risk Summary

<p>Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files.</p> <p>If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution and data extraction on the target host system.</p> <p>Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.</p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)