Full Report
The PS/IGES Parasolid Translator Component contains an out-of-bounds read that could be triggered when the application reads files in the IGS file format. If a user is tricked into opening a malicious file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released a new version of the PS/IGES Parasolid Translator Component and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Out of Bounds Read in PS/IGES Parasolid Translator Component
## CVE Details
- CVE ID: CVE-2025-40936
- CVSS Score: 7.8 (CVSS v3.1 base score, High) / 7.3 (CVSS v4.0)
- CWE: CWE-125: Out-of-bounds Read
## Affected Systems
- Products: PS/IGES Parasolid Translator Component
- Versions: All versions prior to V29.0.258
- Configurations: Triggered when the application reads files in IGS format.
## Vulnerability Description
The PS/IGES Parasolid Translator Component contains an out-of-bounds read vulnerability that is reached while parsing a specially crafted IGS file. Successful exploitation may allow an attacker to crash the application or potentially execute arbitrary code in the context of the current process.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but the PoC potential (ZDI-CAN-26755) suggests exploitability.
- Complexity: High (CVSS v4.0 AC:H indicates that high adversarial effort is required, though CVSS v3.1 AC:L indicates low complexity to trigger the condition). Because the user must open a malicious file, exploitation requires user interaction.
- Attack Vector: Local (AV:L per CVSS v3.1), requiring the user to open a local or network-accessible malicious file.
## Impact
- Confidentiality: High (H)
- Integrity: High (H)
- Availability: High (H)
## Remediation
### Patches
- Update the PS/IGES Parasolid Translator Component to **V29.0.258 or a later version**.
- Available via: `https://ftp-cambridge.ugs.com`
### Workarounds
- No product-specific workarounds were detailed; users are urged to follow the General Security Recommendations provided by Siemens.
## Detection
- **Indicators of compromise:** Application crashes that occur when processing IGS files from untrusted sources.
- **Detection methods and tools:** Monitor file processing events related to the translator component, especially for files that originate externally or are user-supplied.
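One way to turn these two detection points into a triage check, as an added example that is not part of the Siemens advisory: it flags a crash that closely follows the opening of an externally sourced IGS file on a host still running a version prior to V29.0.258. The event format, host names, process name, 60-second window and the numeric ordering of version strings are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

FIXED = (29, 0, 258)            # first fixed version per the advisory
IGS_EXT = (".igs", ".iges")     # IGES file extensions
WINDOW = timedelta(seconds=60)  # assumed open-to-crash correlation window

def parse_version(text):
    """Turn 'V29.0.258' into (29, 0, 258); None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(text):
    v = parse_version(text)
    if v is None:
        return True  # unknown version: treat as affected until verified
    n = max(len(v), len(FIXED))  # pad so 29.0 compares as 29.0.0
    return v + (0,) * (n - len(v)) < FIXED + (0,) * (n - len(FIXED))

# Constructed sample events (timestamp|host|event|detail|origin); process name is a placeholder
SAMPLE_EVENTS = """\
2025-01-10T09:00:05|ws-01|open|C:\\Users\\a\\Downloads\\bracket.IGS|external
2025-01-10T09:00:07|ws-01|crash|translator_host.exe|-
2025-01-10T09:05:00|ws-02|open|D:\\vault\\housing.iges|internal
2025-01-10T09:05:02|ws-02|crash|translator_host.exe|-
2025-01-10T10:00:00|ws-03|open|C:\\Temp\\gear.igs|external
2025-01-10T10:30:00|ws-03|crash|translator_host.exe|-
2025-01-10T11:00:00|ws-04|open|C:\\Temp\\plate.igs|external
2025-01-10T11:00:01|ws-04|crash|translator_host.exe|-
"""
# Constructed inventory: host -> installed translator version
SAMPLE_INVENTORY = {"ws-01": "V29.0.250", "ws-02": "V28.1.300",
                    "ws-03": "V29.0.100", "ws-04": "V29.0.258"}

def triage(events_text, inventory):
    """Return (host, file, crash_time) for crashes soon after an external IGS open on an affected host."""
    last_open, hits = {}, []
    for line in events_text.splitlines():
        ts, host, event, detail, origin = line.split("|")
        when = datetime.fromisoformat(ts)
        if event == "open" and detail.lower().endswith(IGS_EXT) and origin == "external":
            last_open[host] = (when, detail)
        elif event == "crash" and host in last_open:
            opened, path = last_open.pop(host)
            if when - opened <= WINDOW and is_affected(inventory.get(host, "")):
                hits.append((host, path, ts))
    return hits
```

On the constructed data only `ws-01` is flagged: `ws-02` opened an internal file, `ws-03` crashed outside the window, and `ws-04` already runs the fixed version.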
## References
- Vendor Advisory: SSA-241605 (Siemens ProductCERT)
- Security Disclosure: ZDI-CAN-26755
- Siemens Operational Guidelines: `https://www.siemens.com/cert/operational-guidelines-industrial-security`
- Siemens Security Portal: `https://www.siemens.com/industrialsecurity`