OTPulse

Siemens Solid Edge

Plan Patch
7.8
ICS-CERT ICSA-21-012-04
Jan 12, 2021
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Buffer overflow vulnerability (CWE-787, CWE-121) in Siemens Solid Edge SE2020 and SE2021 versions. The vulnerability is triggered when opening specially crafted project files in Solid Edge. An attacker can exploit this to achieve code execution on the engineering workstation running the affected software. The vulnerability requires local access and user interaction (opening a malicious file).

What this means
What could happen
An attacker can execute arbitrary code on an engineering workstation running Solid Edge by sending a malicious design file. This could allow the attacker to modify plant designs, steal intellectual property, or establish persistence to target the control network from the engineering environment.
Who's at risk
Engineering teams and plant design personnel using Siemens Solid Edge for industrial design and automation projects should care about this vulnerability. It affects anyone using Solid Edge SE2020 or SE2021 to open external design files, including consultants, contractors, and internal engineering staff.
How it could be exploited
An attacker crafts a malicious Solid Edge project file and sends it to an engineer via email or file sharing. When the engineer opens the file in Solid Edge, the buffer overflow is triggered, allowing the attacker to run code with the privileges of the engineering user account.
Prerequisites
  • User must open a malicious Solid Edge project file
  • Vulnerable version of Solid Edge must be installed (SE2020 all versions before MP12, or SE2021 before MP2)
  • User interaction required (file must be intentionally opened)
  • Buffer overflow vulnerability
  • Requires user interaction (file must be opened)
  • No authentication required after file is opened
  • Low complexity exploitation
  • Engineering workstations are often gateways to control network
Exploitability
Moderate exploit probability (EPSS 1.8%)
Affected products (2)
1 with fix, 1 EOL
Product | Affected Versions | Fix Status
Solid Edge SE2020: All | <SE2020MP12 | No fix (EOL)
Solid Edge SE2021: All | <SE2021MP2 | SE2021MP2
Remediation & Mitigation
Do now
WORKAROUND: Do not open Solid Edge project files from untrusted or unknown sources
WORKAROUND: Implement email filtering and user training to prevent opening unsolicited attachments containing Solid Edge files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Solid Edge SE2021 to MP2 or later
Mitigations - no patch available
Solid Edge SE2020 (all versions) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Apply a defense-in-depth concept: restrict which users can install software on engineering workstations, use endpoint detection and response (EDR) tools, and isolate the engineering network from the production control network