{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22923", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "state": "PUBLISHED", "assignerShortName": "siemens", "dateReserved": "2026-01-13T15:21:45.768Z", "datePublished": "2026-02-10T09:58:45.403Z", "dateUpdated": "2026-03-10T16:07:51.795Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-03-10T16:07:51.795Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution."}], "affected": [{"vendor": "Siemens", "product": "NX", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "NX (Managed Mode)", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}, {"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-535115.html"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T19:53:34.581103Z", "id": "CVE-2026-22923", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:53:42.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T19:53:34.581103Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:53:39.435Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Siemens", "product": "NX", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "NX (Managed Mode)", "versions": [{"status": "affected", "version": "0", "lessThan": "V2512", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-535115.html"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2026-03-10T16:07:51.795Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22923", "state": "PUBLISHED", "dateUpdated": "2026-03-10T16:07:51.795Z", "dateReserved": "2026-01-13T15:21:45.768Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2026-02-10T09:58:45.403Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*", "matchCriteriaId": "31B0C57C-0518-44B8-AEFD-8B04DF04F607", "versionEndExcluding": "2512.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution."}, {"lang": "es", "value": "Una vulnerabilidad ha sido identificada en NX (Todas las versiones &lt; V2512). La aplicaci\u00f3n afectada contiene una vulnerabilidad de validaci\u00f3n de datos que podr\u00eda permitir a un atacante con acceso local interferir con datos internos durante el proceso de exportaci\u00f3n de PDF, lo que podr\u00eda llevar potencialmente a la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2026-22923", "lastModified": "2026-03-10T18:18:13.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2026-02-10T10:15:58.050", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/html/ssa-535115.html"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V2512)"}}], "product": "nx", "vendor": "siemens"}], "analysis": {"en": {"generated_at": "2026-04-16T17:19:14.383050+00:00", "value": {"mitigation_remediation": ["Apply Siemens NX version V2512 or a later release to eliminate the PDF export data validation flaw.", "Restrict or disable the PDF export capability for local users when the functionality is not required.", "Enable detailed logging of PDF export operations to detect anomalous activity and verify that the patch is effective."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "All versions of Siemens NX and Siemens NX (Managed Mode) earlier than V2512 are vulnerable.", "description_and_impact": "The vulnerability is a data validation flaw in the PDF export feature of Siemens NX and its Managed Mode. An attacker who obtains local access can manipulate internal data during the export process, which may lead to arbitrary code execution. The weakness is characterized as a stack buffer overflow (CWE\u2011121).", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high impact. The EPSS score of less than 1% shows a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw requires local access, the likely attack vector is a local user or process with sufficient privileges. Exploitation would involve providing crafted input to the PDF export path, causing a buffer overflow that could execute arbitrary code on the affected system."}}}}, "created": "2026-02-10T12:23:35.688404+00:00", "title": "Local Arbitrary Code Execution via PDF Export in Siemens NX", "updated": "2026-04-16T17:30:25.998900+00:00", "vendors": ["siemens", "siemens$PRODUCT$nx"]}