PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44412 Cert Portal CVE debrief

CVE-2026-44412 is a high-severity memory corruption issue in Siemens Solid Edge affecting versions earlier than V226.0 Update 5. A specially crafted PAR file can trigger a stack-based overflow and may lead to code execution in the context of the current process.

Vendor: Cert Portal
Product: Siemens Solid Edge vers:intdot/<226.0.5
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Administrators and users of Siemens Solid Edge, especially in engineering and industrial environments that routinely open PAR files or exchange them with external parties.

Technical summary

The advisory describes a stack-based overflow in the PAR file parser. The published CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, reflecting local attack conditions, required user interaction, and potential impact to confidentiality, integrity, and availability. Siemens lists V226.0 Update 5 or later as the fix.

Defensive priority

High

Recommended defensive actions

  • Update Siemens Solid Edge to V226.0 Update 5 or later.
  • Treat PAR files from untrusted or unverifiable sources as hazardous until the fix is applied.
  • Apply CISA and vendor-recommended industrial control and defense-in-depth practices to reduce exposure around engineering file workflows.
  • Prioritize patching on systems that regularly process externally supplied PAR files or that support higher-risk engineering workflows.

Evidence notes

The supplied CISA CSAF advisory for ICSA-26-134-03 states that affected applications contain a stack-based overflow while parsing specially crafted PAR files and that this could allow code execution in the context of the current process. The remediation entry specifies updating to V226.0 Update 5 or later. The CVSS vector in the source is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a score of 7.8. Timeline context: the advisory was published on 2026-05-12, received a title correction on 2026-05-13, and was republished on 2026-05-14 using the Siemens ProductCERT advisory.

Official resources

CISA published the advisory on 2026-05-12 and modified it on 2026-05-14. The source revision history notes a title correction on 2026-05-13 and republishing based on the Siemens ProductCERT advisory. This debrief uses only the supplied CISA