Siemens Solid Edge

Plan PatchCVSS 7.8ICS-CERT ICSA-24-319-05Nov 12, 2024

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Solid Edge SE2024 contains multiple vulnerabilities in file parsing and DLL loading. When the application reads specially crafted PAR (part/assembly) or PSM (part sheet metal) files, it can be crashed or exploited to execute arbitrary code. A DLL hijacking vulnerability is also present. These vulnerabilities require local access and user action (opening a malicious file) to exploit. Siemens has released a fix in version 224.0 Update 9.

What this means

What could happen

An attacker with local access who tricks a user into opening a specially crafted PAR or PSM file could crash Solid Edge or execute arbitrary code with the privileges of the user running the application.

Who's at risk

Engineering and design teams using Solid Edge SE2024 for CAD modeling should be aware of this vulnerability. Organizations in manufacturing, infrastructure design, and product development are affected, particularly those where Solid Edge users may receive design files from external partners or unverified sources.

How it could be exploited

An attacker crafts a malicious PAR or PSM file and delivers it to a user (e.g., via email or file sharing). When the user opens the file in Solid Edge, the application parses the file without proper validation, triggering a buffer overflow or DLL hijacking that allows code execution on the local system.

Prerequisites

Local system access or ability to deliver a file to the target user
User must open the malicious PAR or PSM file in Solid Edge
Affected version of Solid Edge SE2024 (prior to Update 9)

Local exploitation requiredUser interaction required (must open malicious file)Low complexity attackDLL hijacking mechanismFile parsing vulnerabilities

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

Solid Edge SE2024<V224.0 Update 9224.0 Update 9

Remediation & Mitigation

0/4

Do now

0/3

WORKAROUNDDo not open untrusted PAR files in Solid Edge

WORKAROUNDDo not open untrusted PSM files in Solid Edge

HARDENINGEducate users not to open file attachments from untrusted sources, especially PAR and PSM files

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Solid Edge SE2024 to version 224.0 Update 9 or later

CVEs (3)

CVE-2024-47940 CVE-2024-47941 CVE-2024-47942

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a88238b9-3597-4dba-bb8d-7699fddb66ed

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.