CISA 2026-05-14

Siemens Solid Edge

Machine-generated analysis · WAYSCloud LLM

Two vulnerabilities in Siemens Solid Edge allow arbitrary code execution via crafted PAR files. The advisory notes deployment in critical manufacturing sectors worldwide.

Context

Solid Edge is a CAD software product from Siemens. The advisory states that parsing specially crafted PAR files can trigger uninitialized pointer access and stack-based buffer overflow vulnerabilities. These issues could lead to application crashes or arbitrary code execution in the context of the current process. The affected versions are specifically Solid Edge SE2026 before Update 5.

Operator considerations

Patch: Update to Solid Edge SE2026 Update 5 or later version
Check: Verify version of Solid Edge installations
Isolate: Restrict handling of untrusted PAR files

From Cybersecurity and Infrastructure Security Agency ↗

Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid Edge SE2026 and recommends to update to the latest version.

The following versions of Siemens Solid Edge are affected:

Solid Edge vers:intdot/

Read the full advisory on CISA →