Siemens Solid Edge File Parsing (Update A)

Plan Patch7.8ICS-CERT ICSA-21-103-06Apr 13, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Solid Edge contains file parsing vulnerabilities in PAR and DFT file format handlers that can be triggered when a user opens a malicious file. Memory corruption flaws (CWE-822, CWE-787, CWE-121) could cause application crash or arbitrary code execution on the host system. Affected versions: SE2020 before MP13/MP14 and SE2021 before MP4. No public exploits are known, and these vulnerabilities are not remotely exploitable—an attacker must trick a user into opening a malicious file.

What this means

What could happen

If an engineer opens a malicious PAR or DFT file in Solid Edge, the application could crash, or an attacker could execute arbitrary code and access design data on the engineering workstation.

Who's at risk

Design engineering teams and CAD operators who use Siemens Solid Edge for mechanical design and drawing work. This affects engineering workstations running Solid Edge SE2020 and SE2021, particularly those that receive design files from external sources or untrusted suppliers.

How it could be exploited

An attacker sends a malicious CAD file (PAR or DFT format) to an engineer via email or file sharing. When the engineer opens the file in Solid Edge, the application parses the malformed file and triggers a memory corruption vulnerability, allowing code execution on the workstation.

Prerequisites

User must open a malicious file attachment in Solid Edge
File must be in PAR or DFT format
Engineer must have Solid Edge application installed with vulnerable version

Low complexity attackUser interaction required (must open malicious file)Affects engineering workstationsSocial engineering vector (email delivery)Requires local access to execute

Exploitability

Low exploit probability (EPSS 0.7%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Solid Edge SE2020<SE2020MP13SE2020MP13 or later

Solid Edge SE2021<SE2021MP4SE2021MP4 or later

Solid Edge SE2020<SE2020MP14SE2020MP13 or later

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDInstruct engineers to avoid opening untrusted PAR and DFT files from unknown sources

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Solid Edge SE2020

HOTFIXUpdate Solid Edge SE2020 to MP13 or later

Solid Edge SE2021

HOTFIXUpdate Solid Edge SE2021 to MP4 or later

Long-term hardening

0/1

HARDENINGImplement email filtering or user training to reduce social engineering attacks delivering malicious files

CVEs (5)

CVE-2020-26997 CVE-2020-28385 CVE-2021-25678 CVE-2021-27380 CVE-2021-27382

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a482ba7a-ff2d-45a3-a000-06d07bfe587b