Siemens Parasolid
Plan Patch | 7.8 | ICS-CERT ICSA-22-314-01 | Nov 8, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Parasolid versions prior to specific patch levels are affected by out-of-bounds read/write vulnerabilities in the X_T file format parser. When a user opens a malicious X_T file, these vulnerabilities can be triggered to execute arbitrary code in the context of the Parasolid process. The vulnerability requires user interaction (opening a file) and is not remotely exploitable. Siemens has released patched versions for all affected product lines.
What this means
What could happen
An attacker could execute code on an engineering workstation running Parasolid if a user opens a malicious X_T (CAD) file, potentially compromising design files and enabling access to downstream systems in the engineering environment.
Who's at risk
Engineering and design teams who use Siemens Parasolid for CAD/CAM design work. This affects any organization that uses Parasolid for product design, part modeling, or engineering analysis, particularly when engineers receive design files from external partners or suppliers.
How it could be exploited
An attacker distributes a malicious X_T (Parasolid CAD) file via email or a file-sharing service. When an engineer or designer opens the file in a vulnerable version of Parasolid, the out-of-bounds read/write vulnerability is triggered, allowing the attacker to execute arbitrary code in the context of the user's workstation.
Prerequisites
- User must open a malicious X_T file in Parasolid
- Vulnerable version of Parasolid installed on engineering workstation
- No special network access or credentials required
- Requires user interaction (file open)
- Low attack complexity
- User must open malicious file
- Local execution only
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
6 with fix
Product | Affected Versions | Fix Status
Parasolid V34.0 | <V34.0.252 | 34.0.252
Parasolid V34.0 | ≥ V34.0.252 <V34.0.254 | 34.0.254
Parasolid V34.1 | <V34.1.242 | 34.1.242
Parasolid V34.1 | ≥ V34.1.242 <V34.1.244 | 34.1.244
Parasolid V35.0 | <V35.0.170 | 35.0.170
Parasolid V35.0 | ≥ V35.0.170 <V35.0.184 | 35.0.184
Remediation & Mitigation
Do now
WORKAROUND: Do not open untrusted X_T files in Parasolid; warn design and engineering staff to avoid opening X_T files from unknown sources or unsolicited emails
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Parasolid V34.0
HOTFIX: Update Parasolid V34.0 to version 34.0.252 or later
HOTFIX: Update Parasolid V34.0 to version 34.0.254 or later
Parasolid V34.1
HOTFIX: Update Parasolid V34.1 to version 34.1.242 or later
HOTFIX: Update Parasolid V34.1 to version 34.1.244 or later
Parasolid V35.0
HOTFIX: Update Parasolid V35.0 to version 35.0.170 or later
HOTFIX: Update Parasolid V35.0 to version 35.0.184 or later
Long-term hardening
HARDENING: Implement email security controls to block or flag attachments containing X_T files from external sources
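One way to implement the attachment check from the hardening step, as an added example that is not part of the original advisory or any Siemens tooling. It assumes a hypothetical internal mail domain (example.com), matches only the .x_t extension, uses the From header as the external-sender signal, and goes beyond the text by also looking one level into ZIP attachments.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions: only the .x_t extension is matched; example.com is hypothetical.
FLAGGED_EXT = ".x_t"
INTERNAL_DOMAIN = "example.com"


def is_external(msg):
    """True when the From address is outside the internal domain (From is spoofable)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return not addr.lower().endswith("@" + INTERNAL_DOMAIN)


def find_xt_attachments(raw):
    """Return names of X_T attachments in an external message, one level into ZIPs."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not is_external(msg):
        return []
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(FLAGGED_EXT):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [f"{name}!{n}" for n in zf.namelist()
                         if n.lower().endswith(FLAGGED_EXT)]
    return hits


def build_sample(sender, filename, payload):
    """Constructed test message with a single attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "eng@example.com", "Part model"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A non-empty result is the signal to quarantine or tag the message; an extension match is a routing heuristic and does not inspect the file contents.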
CVEs (2)