As outlined in the Siemens Product Certification team's security report SSA-173615, a small number of heap-based buffer overflow vulnerabilities, resulting from manually derived, malicious file manipulation, could be triggered when the application reads files in PAR or ASM file formats. If a user is tricked into opening a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution.
Please Note:
There have been no actual reported cases of any issues associated with these vulnerabilities. If the recommended solution documented in the Siemens Product Certification security report (SSA-173615) is implemented, these vulnerabilities are eliminated.
The worst-case outcome in these scenarios is the same as the worst case for any phishing attack. You are vulnerable to ransomware, loss of IP, loss of personal information, or general exposure of data on your system or network. As always, we encourage customers to provide appropriate network protections, utilize the concept of "defense-in-depth," and avoid opening files from unknown or untrusted sources.
SFB-SOLID_EDGE-8560121
Product Information: