
PatchSiren cyber security CVE debrief

CVE-2026-22923 Siemens CVE debrief

CVE-2026-22923 is a high-severity Siemens NX issue in the PDF export path. CISA’s advisory, republished from Siemens ProductCERT SSA-535115, says a local attacker with privileged access to NX running in managed mode could interfere with internal data during export and potentially cause arbitrary code execution.

Vendor: Siemens
Product: NX
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-03-12
Advisory published: 2026-02-10
Advisory updated: 2026-03-12

Who should care

Siemens NX administrators, security teams, and OT/engineering workstation owners running NX—especially deployments that use managed mode and allow privileged local access.

Technical summary

The advisory describes a data validation vulnerability in Siemens NX affecting the PDF export process. The published guidance indicates exploitation requires local access and privileged access to the application in managed mode, with possible impact up to arbitrary code execution. CISA’s republication also distinguishes NX and NX (Managed Mode) as affected product names and links remediation to Siemens ProductCERT SSA-535115.

Defensive priority

High — prioritize if NX is deployed in managed mode on systems where privileged local users or administrators are present.

Recommended defensive actions

  • Update Siemens NX to V2512 or later, per the vendor remediation.
  • Limit privileged local access to systems running NX, especially managed-mode deployments.
  • Apply strong endpoint security, timely patching, and continuous monitoring for signs of compromise, as recommended by Siemens/CISA.
  • Review CISA and Siemens advisories for product-specific guidance before scheduling maintenance.
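The prioritization rule above (fixed in V2512, worst case when managed mode and privileged local access coincide) can be turned into a triage pass over an asset inventory. This is an added example, not PatchSiren's, Siemens' or CISA's code; it assumes NX versions are recorded as "V2412"-style strings (VYYMM) and the inventory records below are constructed.

```python
import re
from dataclasses import dataclass

FIXED_VERSION = 2512  # Siemens NX V2512 or later per the vendor remediation


@dataclass
class NxHost:
    name: str
    nx_version: str            # assumed "V2412" / "NX 2412" style (VYYMM)
    managed_mode: bool         # NX running in managed mode
    privileged_local_users: int  # count of local admins / privileged accounts


def parse_nx_version(version: str) -> int:
    """Extract the YYMM number from an NX version string (assumed scheme)."""
    m = re.search(r"(\d{4})", version)
    if not m:
        raise ValueError(f"unrecognised NX version string: {version!r}")
    return int(m.group(1))


def is_vulnerable(host: NxHost) -> bool:
    """Anything below V2512 is in scope for the advisory."""
    return parse_nx_version(host.nx_version) < FIXED_VERSION


def priority(host: NxHost) -> str:
    """Rank by the advisory's preconditions: managed mode plus privileged local access."""
    if not is_vulnerable(host):
        return "patched"
    if host.managed_mode and host.privileged_local_users > 0:
        return "high"      # both preconditions present: patch first
    if host.managed_mode or host.privileged_local_users > 0:
        return "medium"    # one precondition present
    return "low"           # vulnerable build, but neither precondition observed


def triage(hosts):
    """Return (priority, hostname) pairs, most urgent first."""
    order = {"high": 0, "medium": 1, "low": 2, "patched": 3}
    return sorted(((priority(h), h.name) for h in hosts), key=lambda t: order[t[0]])


# Constructed inventory for illustration only.
INVENTORY = [
    NxHost("cad-ws-01", "V2412", managed_mode=True, privileged_local_users=2),
    NxHost("cad-ws-02", "V2506", managed_mode=False, privileged_local_users=1),
    NxHost("cad-ws-03", "V2512", managed_mode=True, privileged_local_users=3),
    NxHost("cad-ws-04", "NX 2406", managed_mode=False, privileged_local_users=0),
]

if __name__ == "__main__":
    for prio, name in triage(INVENTORY):
        print(f"{prio:8} {name}")
```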

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-26-043-08, which republishes Siemens ProductCERT SSA-535115. The source text states that the vulnerability is a data validation issue in PDF export, that exploitation requires local access plus privileged access in managed mode, and that impact could include arbitrary code execution. The advisory was first published on 2026-02-10 and updated through 2026-03-12; those dates are used only as advisory timing context, not as separate issue dates. No KEV entry is provided in the source corpus.

Official resources

Publicly disclosed by CISA on 2026-02-10 as ICSA-26-043-08, republishing Siemens ProductCERT SSA-535115; updated again on 2026-03-12. The source corpus does not provide a KEV listing.