Siemens Parasolid

Plan Patch7.8ICS-CERT ICSA-24-102-06Apr 9, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Parasolid contains out-of-bounds read, stack exhaustion, and null pointer dereference vulnerabilities (CWE-125, CWE-770, CWE-476) in its X_T file format parser. A malicious X_T file can trigger these flaws when opened in a vulnerable version. Siemens has released patches for all affected versions: V35.1.254, V36.0.207, and V36.1.147. No patch is available for versions prior to V35.1 or other product lines not listed. The primary risk vector is social engineering to deliver the malicious file.

What this means

What could happen

An attacker could trick a user into opening a malicious design file that exploits out-of-bounds read or null pointer vulnerabilities in Parasolid, allowing arbitrary code execution with the privileges of the person running the application. This could compromise CAD workstations and potentially introduce malicious modifications into design data.

Who's at risk

Design and engineering departments using Siemens Parasolid on workstations are primarily affected. This includes companies in automotive, aerospace, manufacturing, and industrial sectors that rely on Parasolid for CAD modeling. Users running affected versions (V35.1 before 35.1.254, V36.0 before 36.0.207, or V36.1 before 36.1.147) are at risk of workstation compromise through malicious design files.

How it could be exploited

An attacker crafts a malicious X_T (Parasolid) design file containing specially crafted data that triggers an out-of-bounds read, stack exhaustion, or null pointer dereference when parsed. The attacker then distributes this file via email or file-sharing to trick a user into opening it with Parasolid. When opened, the vulnerability allows the attacker to execute arbitrary code in the context of the Parasolid application running on the user's workstation.

Prerequisites

User with Parasolid installed must open a malicious X_T format file
No special network access required—purely local file-based attack
Social engineering or phishing needed to trick user into opening file

Low attack complexity (requires malicious file to be opened)Requires user interaction (social engineering)Local exploitation only (not remotely exploitable over network)Code execution in context of application userAll three affected product versions have vendor fixes available

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Parasolid V35.1<V35.1.25435.1.254

Parasolid V36.0<V36.0.20736.0.207

Parasolid V36.1<V36.1.14736.1.147

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDDo not open X_T files from untrusted sources; implement policy restricting file sources and educating users on phishing/social engineering risks

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Parasolid V35.1

HOTFIXUpdate Parasolid V35.1 to version 35.1.254 or later

Parasolid V36.0

HOTFIXUpdate Parasolid V36.0 to version 36.0.207 or later

Parasolid V36.1

HOTFIXUpdate Parasolid V36.1 to version 36.1.147 or later

Long-term hardening

0/1

HARDENINGConfigure firewall and network segmentation to isolate CAD workstations from internet access where feasible; limit email attachments to trusted internal sources

CVEs (3)

CVE-2024-26275 CVE-2024-26276 CVE-2024-26277

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b711efa6-db5d-4e91-8002-d56cedbeb023