Siemens Solid Edge before V2023 MP1

Plan Patch7.8ICS-CERT ICSA-23-012-11Jan 10, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Solid Edge is affected by a memory corruption vulnerability (CWE-119) that can be triggered when the application reads files in PAR, ASM, or DFT formats. If a user opens a malicious file, an attacker could leverage the vulnerability to execute arbitrary code in the context of the Solid Edge process. Siemens has released a fix in version 2023 MP1.

What this means

What could happen

An attacker could execute code on an engineering workstation if a user opens a malicious CAD file, potentially allowing theft of design data, modification of product designs, or installation of persistent access tools on the workstation.

Who's at risk

Engineering and design staff using Siemens Solid Edge for CAD work. This affects organizations in manufacturing, engineering design, automotive, and industrial equipment sectors that rely on Solid Edge for product design and documentation.

How it could be exploited

An attacker creates a malicious PAR, ASM, or DFT file and tricks a Solid Edge user into opening it (via email, file sharing, or supply chain compromise). When the file is opened, the memory corruption flaw triggers, allowing the attacker to run code with the privileges of the user opening the file.

Prerequisites

User must open a malicious file in a vulnerable version of Solid Edge
File must be in PAR, ASM, or DFT format
User interaction required (social engineering or supply chain compromise)

Requires user interaction (file opening)No authentication requiredLow complexity exploitationMemory corruption vulnerabilityAffects engineering workstations

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Solid Edge<V2023 MP12023 MP1

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDo not open untrusted CAD files (PAR, ASM, DFT) from unknown sources in Solid Edge

HARDENINGImplement email filtering to block or warn on CAD file attachments from external senders

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge to version 2023 MP1 or later

HARDENINGRestrict Solid Edge to engineering workstations only; do not allow execution on shared or internet-facing systems

Long-term hardening

0/1

HARDENINGUse network segmentation to isolate engineering workstations from general business network and internet

CVEs (1)

CVE-2022-47967

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/54a7df4f-e828-485e-8a1f-44604005e330