Description
A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files.
This could allow an attacker to execute code in the context of the current process.
Published: 2026-05-12
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow is triggered when Solid Edge SE2026 parses specially crafted PAR files. The overflow can allow an attacker to execute arbitrary code in the process that parses the file, potentially compromising confidentiality, integrity, and availability of the affected system. The flaw represents a classic stack overwrite (CWE‑121).

Affected Systems

Siemens Solid Edge SE2026 versions older than V226.0 Update 5 are susceptible to this vulnerability. All users running these versions should identify their current build and consider remediation.

Risk and Exploitability

The CVSS score of 7.3 indicates moderate to high severity. The EPSS score is not reported, and the vulnerability is not listed in CISA's KEV catalog. Attackers would need to provide a malicious PAR file to the target or have an opportunity to supply one, making local or network-based file delivery a likely attack vector. Due to the lack of an exploit probability metric, organizations should treat the risk as potentially significant, especially in environments where users can open untrusted files.

Generated by OpenCVE AI on May 12, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Siemens Solid Edge 226.0 Update 5 or a later released version.
  • Apply the Siemens security patch listed in the product certification portal at https://cert-portal.siemens.com/productcert/html/ssa-921111.html.
  • Restrict user access to untrusted PAR files and enforce strict file‑type validation before opening them in the application.

Generated by OpenCVE AI on May 12, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 02:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Siemens
Siemens solid Edge Se2026
Vendors & Products Siemens
Siemens solid Edge Se2026

Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Solid Edge SE2026 PAR File Parsing

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siemens Solid Edge Se2026
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-05-13T01:48:13.858Z

Reserved: 2026-05-06T09:51:05.262Z

Link: CVE-2026-44412

cve-icon Vulnrichment

Updated: 2026-05-13T01:46:48.237Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T10:16:46.567

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-44412

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T11:15:14Z

Weaknesses