Siemens Solid Edge

Plan Patch7.8ICS-CERT ICSA-24-011-11Jan 9, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Solid Edge SE2023 contains multiple vulnerabilities (CWE-122, CWE-125, CWE-787, CWE-121, CWE-824) in PAR file parsing that could lead to application crash or arbitrary code execution when a user opens a malicious file. The vulnerabilities are triggered when the application reads a crafted PAR (part/assembly) file. These are buffer overflow and out-of-bounds access issues. Solid Edge SE2023 versions prior to 223.0 Update 10 are affected.

What this means

What could happen

An attacker could trick a user into opening a malicious PAR file that crashes Solid Edge or executes arbitrary code on the engineering workstation running the application.

Who's at risk

This affects engineering and design staff who use Siemens Solid Edge SE2023 on Windows workstations to design and modify industrial equipment, process piping, electrical systems, and mechanical components. Primary concern is compromise of engineering workstations that could allow insertion of malicious designs or process logic into control systems.

How it could be exploited

An attacker sends a malicious PAR (Solid Edge part/assembly) file via email or file share. When an unsuspecting user opens the file in Solid Edge, the application parses the malformed file, triggering a buffer overflow or memory corruption vulnerability. This could crash the application or execute code with the privileges of the user running Solid Edge.

Prerequisites

User must manually open a malicious PAR file in Solid Edge
No special credentials or network access required
Social engineering or file delivery mechanism (email, USB, file share)

User interaction required (social engineering vector)Local execution only—not remotely exploitableAffects engineering/design workstationsBuffer overflow/memory corruption vulnerabilitiesNo authentication required to open file

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Solid Edge SE2023<V223.0 Update 10223.0 Update 10

Remediation & Mitigation

0/5

Do now

0/3

WORKAROUNDDo not open untrusted PAR files from unknown sources in Solid Edge

HARDENINGImplement email security controls to block suspicious attachments and filter executable file extensions

HARDENINGEducate users on social engineering and phishing risks; advise against opening unsolicited attachments

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge SE2023 to version 223.0 Update 10 or later

Long-term hardening

0/1

HARDENINGIsolate engineering workstations running Solid Edge from the business network and the internet where feasible

CVEs (11)

CVE-2023-49121 CVE-2023-49122 CVE-2023-49123 CVE-2023-49124 CVE-2023-49126 CVE-2023-49127 CVE-2023-49128 CVE-2023-49129 CVE-2023-49130 CVE-2023-49131 CVE-2023-49132

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/567f64cd-f80a-4682-8529-e214b521cba1