Siemens PS/IGES Parasolid Translator Component
Plan Patch | 7.8 | ICS-CERT ICSA-24-137-08 | May 14, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
PS/IGES Parasolid Translator Component contains multiple file parsing vulnerabilities (CWE-125, CWE-843, CWE-119) triggered when reading malformed IGS format files. Versions prior to 27.1.215 are affected. Exploitation requires user interaction: opening a specially crafted IGS file could cause the application to crash or lead to arbitrary code execution with the privileges of the user running the application. Siemens has released version 27.1.215 with fixes.
What this means
What could happen
An attacker who tricks an engineer into opening a malicious IGS file could crash the design application or execute arbitrary code on the engineering workstation, potentially compromising CAD designs or accessing sensitive system configurations.
Who's at risk
Design and engineering teams using Siemens PS/IGES Parasolid Translator for CAD work on engineering workstations. This includes companies in discrete manufacturing, process automation design, plant engineering, and machine builders who use Siemens design tools to create or modify control system configurations and mechanical models.
How it could be exploited
An attacker crafts a malicious IGS (IGES geometry) file and distributes it via email, web download, or shared file storage. When an engineer opens the file using PS/IGES Parasolid Translator, the application parses the malformed file and triggers a buffer overflow or memory corruption, leading to application crash or code execution in the context of the engineer's workstation.
Prerequisites
- User must open a malicious IGS file using the affected application
- File must be delivered to the user and accepted as trusted (social engineering)
- Engineering workstation must have PS/IGES Parasolid Translator installed with version < 27.1.215
- Low complexity exploitation
- User interaction required (file open)
- Potential for arbitrary code execution on engineering workstation
- Social engineering attack vector
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| PS/IGES Parasolid Translator Component | <V27.1.215 | 27.1.215 |
Remediation & Mitigation
Do now
- WORKAROUND: Train engineering staff not to open IGS files from untrusted sources without verification
- WORKAROUND: Restrict file download and attachment opening to trusted internal sources only; configure email filtering to block executable attachments and suspicious file types
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update PS/IGES Parasolid Translator Component to version 27.1.215 or later
Long-term hardening
- HARDENING: Implement network segmentation to limit lateral movement if an engineering workstation is compromised
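One way to support the "verification" workaround above, as an added example that is not Siemens code and not part of the advisory: a structural pre-check for fixed-format ASCII IGES files that a file gateway could run before an IGS file reaches an engineer. It checks only the public IGES record layout (80-column records, section order, terminate-record counts, directory-entry parameter pointers); `check_iges`, `rec`, `sample` and the sample file are constructed for illustration, and the checks are not derived from the advisory's CVEs.

```python
SECTIONS = "SGDPT"  # Start, Global, Directory Entry, Parameter Data, Terminate

def check_iges(text):
    """Return structural problems found in fixed-format ASCII IGES text."""
    problems, counts = [], dict.fromkeys(SECTIONS, 0)
    d_lines, terminate, last_rank = [], "", 0
    for n, line in enumerate(text.splitlines(), 1):
        code, seq = line[72:73], line[73:80].strip()
        if len(line) != 80 or not line.isascii() or code not in SECTIONS or not seq.isdigit():
            problems.append(f"line {n}: not a valid 80-column record")
            continue
        counts[code] += 1
        rank = SECTIONS.index(code)
        if rank < last_rank or int(seq) != counts[code]:
            problems.append(f"line {n}: section {code} out of order or bad sequence number")
        last_rank = max(last_rank, rank)
        if code == "D":
            d_lines.append(line)
        elif code == "T":
            terminate = line
    if counts["T"] != 1:
        problems.append("file must end with exactly one terminate record")
    # The terminate record declares how many records each earlier section holds.
    for i, code in enumerate("SGDP"):
        tag, declared = terminate[8 * i:8 * i + 1], terminate[8 * i + 1:8 * i + 8].strip()
        if tag != code or not declared.isdigit() or int(declared) != counts[code]:
            problems.append(f"terminate record: count for section {code} missing or wrong")
    # Each entity owns two D records; its parameter-data span must lie inside section P.
    if len(d_lines) % 2:
        problems.append("directory section has an odd number of records")
    for i in range(0, len(d_lines) - 1, 2):
        ptr, cnt = d_lines[i][8:16].strip(), d_lines[i + 1][24:32].strip()
        if not (ptr.isdigit() and cnt.isdigit() and int(ptr) >= 1 and int(cnt) >= 1
                and int(ptr) + int(cnt) - 1 <= counts["P"]):
            problems.append(f"directory entry {i + 1}: parameter data outside section P")
    return problems

def rec(data, code, seq):  # one 80-column record: 72 data columns, section code, sequence
    return f"{data:<72}{code}{seq:7d}"

def sample(p_pointer=1):
    """Constructed one-entity file; p_pointer is the entity's parameter data pointer."""
    ints = lambda *v: "".join(f"{x:>8}" for x in v)
    return "\n".join([
        rec("constructed sample", "S", 1), rec("1H,,1H;;", "G", 1),
        rec(ints(116, p_pointer), "D", 1), rec(ints(116, 0, 0, 1), "D", 2),
        rec("116,0.,0.,0.;", "P", 1),
        rec("".join(f"{c}{k:7d}" for c, k in zip("SGDP", (1, 1, 2, 1))), "T", 1),
    ])
```

A file that passes is only structurally consistent; quarantine anything that fails, and treat updating to 27.1.215 as the actual fix.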
CVEs (11)