Siemens Solid Edge
Plan Patch7.8ICS-CERT ICSA-24-137-09May 14, 2024
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
Siemens Solid Edge contains multiple memory corruption vulnerabilities (CWE-122, CWE-125, CWE-121) in its PAR file parser. When a user opens a specially crafted PAR file, the application may crash or allow arbitrary code execution in the context of the current user. The vulnerabilities are triggered during file parsing and affect versions prior to V224.0 Update 2, Update 4, or Update 5 depending on the specific CVE. Exploitation requires user interaction (opening a malicious file) and is not remotely exploitable.
What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation if a user is tricked into opening a malicious PAR (part) file in Solid Edge, potentially compromising design data, credentials, or project files stored on that system.
Who's at risk
This affects engineering teams and design departments at any manufacturing or product development organization that uses Siemens Solid Edge CAD software. It is particularly relevant to utilities, manufacturers, and infrastructure operators who use Solid Edge for equipment design and documentation. The vulnerability targets workstations, not directly the operational control systems themselves, but compromised engineering workstations could be a stepping stone to access critical design data or deploy malware to connected networks.
How it could be exploited
An attacker crafts a malicious PAR file and tricks a user (via email, file sharing, or social engineering) into opening it in Solid Edge. The application parses the file, triggers a memory corruption vulnerability (buffer overflow or out-of-bounds read), and the attacker's code runs with the privileges of the Solid Edge process and logged-in user.
Prerequisites
- User must open a malicious PAR file in Solid Edge
- User interaction required (social engineering or phishing to deliver the file)
- Vulnerable version of Solid Edge must be installed
requires user interaction (file opening)low complexity attackaffects engineering/IT workstations (not directly OT)memory corruption vulnerabilities (CWE-122, CWE-125, CWE-121)social engineering / phishing vector
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
Solid Edge<V224.0 Update 5224.0 Update 5
Solid Edge<V224.0 Update 2224.0 Update 2
Solid Edge<V224.0 Update 4224.0 Update 4
Remediation & Mitigation
0/6
Do now
0/2Solid Edge
WORKAROUNDDo not open untrusted or unexpected PAR files in Solid Edge; educate users to treat unsolicited files with suspicion
All products
HARDENINGImplement email filtering and controls to block suspicious attachments and phishing attempts before they reach users
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
Solid Edge
HOTFIXUpdate Solid Edge to V224.0 Update 5 or later (fixes CVE-2024-33489, CVE-2024-33490, CVE-2024-33491, CVE-2024-33492, CVE-2024-33493)
HOTFIXUpdate Solid Edge to V224.0 Update 2 or later (fixes CVE-2024-34771, CVE-2024-34773)
HOTFIXUpdate Solid Edge to V224.0 Update 4 or later (fixes CVE-2024-34772)
Long-term hardening
0/1HARDENINGIsolate engineering workstations on a separate network segment from operational technology and production systems
CVEs (8)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e472fdd5-6945-4426-907c-43afbdee4492