Skip to main content

Solid Edge Se2026

3 CVEs product

Monthly

CVE-2026-44412 HIGH CISA This Week

Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.

Buffer Overflow Stack Overflow Solid Edge Se2026
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-44411 HIGH CISA Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-40745 MEDIUM CISA This Month

Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.

Information Disclosure Siemens Simcenter Femap Tecnomatix Plant Simulation Siemens Software Center +4
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
EPSS 0% CVSS 7.3
HIGH This Week

Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.

Buffer Overflow Stack Overflow Solid Edge Se2026
NVD VulDB
EPSS 0% CVSS 7.3
HIGH Act Now

Uninitialized pointer access in Siemens Solid Edge SE2026 enables arbitrary code execution when processing malicious PAR files. Attackers must deliver a crafted PAR file and convince users to open it (CVSS:4.0 AV:L/UI:P), achieving full compromise of the victim's workstation with high confidentiality, integrity, and availability impact. No active exploitation confirmed at time of analysis, though the local attack vector and user interaction requirement limit automated mass exploitation. EPSS data not available for risk calibration.

Information Disclosure Memory Corruption Solid Edge Se2026
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.

Information Disclosure Siemens Simcenter Femap +6
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy