Siemens Parasolid

Plan Patch7.8ICS-CERT ICSA-23-257-02Sep 12, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Parasolid CAD software is affected by out-of-bounds write vulnerabilities in the X_T file parser. When a user opens a malicious X_T file, the vulnerability can be triggered to execute arbitrary code in the context of the Parasolid process. The vulnerability requires user interaction (opening a file) and is not remotely exploitable. Siemens has released fixes for all affected versions.

What this means

What could happen

An attacker could execute code on an engineer's workstation if they convince them to open a malicious X_T file in Parasolid, potentially compromising design files, credentials, or the workstation itself and allowing lateral movement to connected control systems.

Who's at risk

Engineering teams using Parasolid CAD software on workstations connected to or near industrial control networks. This affects design and manufacturing environments at utilities, water authorities, and discrete manufacturers who use Siemens Parasolid for equipment design and modeling.

How it could be exploited

An attacker crafts a malicious X_T format file (Parasolid CAD file) and tricks an engineer into opening it. When Parasolid reads the file, an out-of-bounds write vulnerability is triggered, allowing arbitrary code execution within the Parasolid process running on the engineer's workstation with their privileges.

Prerequisites

User interaction required: engineer must open the malicious X_T file
Parasolid application must be installed and available
Vulnerable version of Parasolid must be running

User interaction required (social engineering)Local exploit only (no remote code execution)Affects engineering/design workstations with potential access to OT networksLow EPSS score (0.1%) but vulnerability is actively weaponized

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (7)

7 with fix

ProductAffected VersionsFix Status

Parasolid V34.1<V34.1.25834.1.258

Parasolid V35.0<V35.0.25335.0.253

Parasolid V35.0<V35.0.26035.0.260

Parasolid V35.1<V35.1.18435.1.184

Parasolid V35.1<V35.1.24635.1.246

Parasolid V36.0<V36.0.14236.0.142

Parasolid V36.0<V36.0.15636.0.156

Remediation & Mitigation

0/7

Do now

0/2

WORKAROUNDDo not open untrusted or unknown X_T files from external sources

WORKAROUNDRestrict file sharing and implement email controls to prevent malicious X_T files from reaching engineer workstations

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

Parasolid V34.1

HOTFIXUpdate Parasolid V34.1 to version 34.1.258 or later

Parasolid V35.0

HOTFIXUpdate Parasolid V35.0 to version 35.0.253 or 35.0.260 or later

Parasolid V35.1

HOTFIXUpdate Parasolid V35.1 to version 35.1.184 or 35.1.246 or later

Parasolid V36.0

HOTFIXUpdate Parasolid V36.0 to version 36.0.142 or 36.0.156 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate engineering workstations from control system networks

CVEs (2)

CVE-2023-41032 CVE-2023-41033

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/dec59c15-a718-4a3d-b77e-45cd103d41fa