Siemens Solid Edge

Plan Patch7.8ICS-CERT ICSA-21-194-08Jul 13, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Solid Edge SE2021 prior to MP5 contains heap-based buffer overflow vulnerabilities in PAR and ASM file parsing. Opening a malicious file can crash the application or lead to arbitrary code execution. Siemens recommends updating to SE2021MP5 or later and avoiding untrusted files.

What this means

What could happen

A user who opens a malicious PAR or ASM file in Solid Edge could crash the application or allow an attacker to run arbitrary code on their workstation with the user's privileges.

Who's at risk

Engineering and design staff at utilities and water authorities who use Solid Edge for design, documentation, and asset modeling. This primarily affects office workstations rather than control systems, but compromised workstations could become a stepping stone into OT networks if not properly segmented.

How it could be exploited

An attacker crafts a malicious PAR or ASM file and tricks a user into opening it in Solid Edge. When the application parses the file, a heap buffer overflow occurs, potentially allowing code execution on the user's machine.

Prerequisites

User must open a malicious PAR or ASM file in the affected Solid Edge version
Social engineering or file delivery mechanism to get the file to the user

Requires user interaction (file opening)No authentication required to trigger vulnerabilityLow attack complexityAffects workstations that may have access to engineering networks

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

Solid Edge SE2021<SE2021MP5SE2021MP5

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDTrain users not to open PAR or ASM files from untrusted or unknown sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge to version SE2021MP5 or later

Long-term hardening

0/1

HARDENINGImplement file input controls or disable opening of PAR/ASM files if not required for operations

CVEs (4)

CVE-2021-34326 CVE-2021-34327 CVE-2021-34328 CVE-2021-34329

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d4210cd4-0275-4dd8-9c01-59b3caba83ff