Siemens Solid Edge

Plan PatchCVSS 7.8ICS-CERT ICSA-24-137-09May 14, 2024

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Solid Edge contains multiple memory corruption vulnerabilities (CWE-122, CWE-125, CWE-121) in its PAR file parser. When a user opens a specially crafted PAR file, the application may crash or allow arbitrary code execution in the context of the current user. The vulnerabilities are triggered during file parsing and affect versions prior to V224.0 Update 2, Update 4, or Update 5 depending on the specific CVE. Exploitation requires user interaction (opening a malicious file) and is not remotely exploitable.

What this means

What could happen

An attacker could execute arbitrary code on an engineering workstation if a user is tricked into opening a malicious PAR (part) file in Solid Edge, potentially compromising design data, credentials, or project files stored on that system.

Who's at risk

This affects engineering teams and design departments at any manufacturing or product development organization that uses Siemens Solid Edge CAD software. It is particularly relevant to utilities, manufacturers, and infrastructure operators who use Solid Edge for equipment design and documentation. The vulnerability targets workstations, not directly the operational control systems themselves, but compromised engineering workstations could be a stepping stone to access critical design data or deploy malware to connected networks.

How it could be exploited

An attacker crafts a malicious PAR file and tricks a user (via email, file sharing, or social engineering) into opening it in Solid Edge. The application parses the file, triggers a memory corruption vulnerability (buffer overflow or out-of-bounds read), and the attacker's code runs with the privileges of the Solid Edge process and logged-in user.

Prerequisites

User must open a malicious PAR file in Solid Edge
User interaction required (social engineering or phishing to deliver the file)
Vulnerable version of Solid Edge must be installed

requires user interaction (file opening)low complexity attackaffects engineering/IT workstations (not directly OT)memory corruption vulnerabilities (CWE-122, CWE-125, CWE-121)social engineering / phishing vector

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Solid Edge<V224.0 Update 5224.0 Update 5

Solid Edge<V224.0 Update 2224.0 Update 2

Solid Edge<V224.0 Update 4224.0 Update 4

Remediation & Mitigation

0/6

Do now

0/2

Solid Edge

WORKAROUNDDo not open untrusted or unexpected PAR files in Solid Edge; educate users to treat unsolicited files with suspicion

All products

HARDENINGImplement email filtering and controls to block suspicious attachments and phishing attempts before they reach users

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Solid Edge

HOTFIXUpdate Solid Edge to V224.0 Update 5 or later (fixes CVE-2024-33489, CVE-2024-33490, CVE-2024-33491, CVE-2024-33492, CVE-2024-33493)

HOTFIXUpdate Solid Edge to V224.0 Update 2 or later (fixes CVE-2024-34771, CVE-2024-34773)

HOTFIXUpdate Solid Edge to V224.0 Update 4 or later (fixes CVE-2024-34772)

Long-term hardening

0/1

HARDENINGIsolate engineering workstations on a separate network segment from operational technology and production systems

CVEs (8)

CVE-2024-33489 CVE-2024-33490 CVE-2024-33491 CVE-2024-33492 CVE-2024-33493 CVE-2024-34771 CVE-2024-34772 CVE-2024-34773

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e472fdd5-6945-4426-907c-43afbdee4492

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.