Siemens Solid Edge

Plan Patch7.8ICS-CERT ICSA-24-319-05Nov 12, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Solid Edge SE2024 is affected by multiple file parsing vulnerabilities (CWE-125, CWE-427) and a DLL hijacking vulnerability. These can be triggered when the application opens specially crafted files in PAR or PSM formats. Exploitation could result in application crash or arbitrary code execution. The vulnerabilities are local to the workstation where Solid Edge runs and require user interaction to open a malicious file.

What this means

What could happen

An attacker who tricks a user into opening a specially crafted design file (PAR or PSM format) in Solid Edge could crash the application or execute arbitrary code with the privileges of the user running the application, potentially compromising the engineering workstation and any connected networks.

Who's at risk

This affects organizations that use Siemens Solid Edge for design and engineering work, particularly those where engineering workstations connect to or are near OT networks. The vulnerability primarily impacts the engineering and design team workflow rather than direct operational processes, but a compromised engineering workstation could be used as a pivot point to attack connected control systems or to modify designs before they are deployed.

How it could be exploited

An attacker sends a specially crafted PAR or PSM file to a Solid Edge user via email or another delivery method. When the user opens the file in Solid Edge, the application parses the malicious content and either crashes or executes arbitrary code. A DLL hijacking vulnerability could also be triggered if the attacker can place a malicious DLL in a location where Solid Edge searches for libraries.

Prerequisites

User interaction required—victim must open a malicious PAR or PSM file in Solid Edge
For DLL hijacking: attacker must be able to write files to a directory where Solid Edge searches for DLLs (may require local access or write permissions on shared network paths)

Requires user interactionLow complexity attackCould lead to arbitrary code execution on engineering workstationDefault attack vector is email/social engineering

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Solid Edge SE2024<V224.0 Update 9224.0 Update 9

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDo not open untrusted or unexpected PSM files from external sources

WORKAROUNDDo not open untrusted or unexpected PAR files from external sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge SE2024 to version 224.0 Update 9 or later

Long-term hardening

0/2

HARDENINGImplement user awareness training on phishing and social engineering attacks designed to distribute malicious files

HARDENINGIsolate engineering workstations from the business network and restrict lateral movement access

CVEs (3)

CVE-2024-47940 CVE-2024-47941 CVE-2024-47942

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a88238b9-3597-4dba-bb8d-7699fddb66ed