ICSA-21-222-08_Siemens Solid Edge

Plan Patch7.8ICS-CERT ICSA-21-222-08Aug 10, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Solid Edge SE2021 contains XML External Entity (XXE) injection (CWE-611), use-after-free (CWE-416), and out-of-bounds access (CWE-824) vulnerabilities in its file parsing logic. These can be triggered by opening malformed Solid Edge files or files with specially crafted XML or embedded objects. An attacker could cause denial of service or remote code execution on the engineering workstation.

What this means

What could happen

Malformed files or embedded objects could crash Solid Edge or allow an attacker to execute arbitrary code on an engineering workstation when a user opens a crafted file. This could compromise design files, steal intellectual property, or provide a foothold into the engineering network.

Who's at risk

Engineering and design teams using Siemens Solid Edge for mechanical design and CAD work. Any organization where design files are shared or accessed are at risk if users are tricked into opening malicious files.

How it could be exploited

An attacker crafts a malicious Solid Edge file that contains improper XML External Entity (XXE) references or use-after-free gadgets and sends it to an engineer. When the engineer opens the file in Solid Edge, the application parses the malformed content and either crashes, reveals sensitive data, or executes code in the context of the user's workstation.

Prerequisites

User must open a malicious Solid Edge file from an untrusted source
Solid Edge must be installed on the workstation

Requires user interaction (file open)Local execution only, not remotely exploitableAffects engineering workstations and intellectual propertyLow EPSS score (0.5%)

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (1)

ProductAffected VersionsFix Status

Solid Edge SE2021: All< SE2021MP7SE2021MP7

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDDo not open Solid Edge files from unknown or untrusted sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge SE2021 to SE2021MP7 or later

Long-term hardening

0/1

HARDENINGRestrict file sharing and implement network access controls to engineering workstations

CVEs (3)

CVE-2021-37178 CVE-2021-37179 CVE-2021-37180

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/be6f097b-717c-4045-b121-b96e59ba331b