Description
A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Published: 2026-05-12
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uninitialized pointer dereference that occurs when Solid Edge SE2026 processes specially crafted PAR files. An attacker can construct such a file to trigger the bug and cause the application to execute arbitrary code in the context of the running process. This flaw, identified as CWE‑824, can lead to compromise of the confidentiality, integrity, and availability of data processed by the product, and may allow the attacker to gain escalated privileges within the application environment.

Affected Systems

The affected component is Siemens Solid Edge SE2026. All releases prior to V226.0 Update 5 are impacted, regardless of platform or module. Users running these legacy versions should verify their current build against the vendor’s release notes and apply the latest update when available.

Risk and Exploitability

The CVSS base score of 7.3 indicates a high severity. With no EPSS data and current exclusion from CISA KEV, the exploitation likelihood remains a concern. The attack path requires access to a user who can open or otherwise trigger parsing of a malicious PAR file, making it a local or user‑initiated threat. Because the bug leads to code execution in the current process, it can be leveraged to take full control of the application instance.

Generated by OpenCVE AI on May 12, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Siemens update V226.0 Update 5 or newer to patch the uninitialized pointer vulnerability.
  • Avoid opening or executing untrusted PAR files; restrict user access to the application or enforce file‑type filtering.
  • If an update cannot be applied immediately, isolate the affected system and monitor for abnormal process activity or attempts to load suspicious PAR files, and consider enabling endpoint protection.

Generated by OpenCVE AI on May 12, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens solid Edge Se2026
Vendors & Products Siemens
Siemens solid Edge Se2026

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
Title Uninitialized Pointer Access in Solid Edge SE2026 Allows Local Code Execution

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Weaknesses CWE-824
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Solid Edge Se2026
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-12T12:39:00.293Z

Reserved: 2026-05-06T09:51:05.262Z

Link: CVE-2026-44411

cve-icon Vulnrichment

Updated: 2026-05-12T12:38:50.096Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T10:16:46.430

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-44411

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T11:15:14Z

Weaknesses