Fortinet Discovers Siemens PADS Standard/Plus Viewer Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a Memory Corruption vulnerability in Siemens PADS Standard/Plus Viewer.
Siemens PADS Viewer is a powerful & intuitive PCB viewer software used by Engineers. It provides schematic and layout capabilities in an easy-to-use environment. PADS Standard is ideal where economy is a high priority. PADS Standard Plus introduces simulation and analysis with advanced layout capabilities.
A memory corruption vulnerability has been discovered in Siemens PADS Viewer by FortiGuard Labs. The vulnerability is caused by a crafted PCB file which causes an out-of-bounds write memory access. It could allow malicious users to create code execution scenarios.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jul 12, 2022
Users should apply the workaround provided by Siemens and not open untrusted PCB files.
Fortinet reported the vulnerability to Siemens on May 21, 2022.
Siemens confirmed the vulnerability on June 15, 2022.
Siemens published the vulnerability on July 12, 2022.