OTPulse
FeedAboutContact

Siemens Parasolid

Plan Patch7.8ICS-CERT ICSA-24-347-04Dec 10, 2024
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Parasolid is affected by an out-of-bounds write vulnerability in PAR file parsing. When a user opens a malicious PAR file in Parasolid V36.1 (before 36.1.225), V37.0 (before 37.0.173), or V37.1 (before 37.1.109), an attacker can execute arbitrary code in the context of the application. The vulnerability is triggered during file reading and does not require special privileges or authentication. No remote exploitation is possible; the attacker must deliver the malicious file to the user, typically via email or file sharing.

What this means
What could happen
An attacker could achieve remote code execution on an engineering workstation running Parasolid by tricking a user into opening a malicious PAR file, potentially compromising design data or engineering systems that support your plant operations.
Who's at risk
Engineering teams using Parasolid for CAD/CAM design work on plant equipment, piping systems, or machinery components. This affects workstations running Parasolid V36.1, V37.0, or V37.1 in manufacturing, water treatment, energy production, or any facility where engineers design or modify industrial equipment.
How it could be exploited
An attacker crafts a malicious PAR (Parasolid model) file with out-of-bounds write payload. The attacker sends this file to an engineer via email or file sharing, or places it where the engineer might download it. When the engineer opens the file in Parasolid, the vulnerability triggers arbitrary code execution in the application's memory space with the engineer's privileges.
Prerequisites
  • User interaction required: engineer must open a malicious PAR file
  • Parasolid application must be installed and running
  • Attacker must be able to deliver the malicious file to the target user (email, file share, etc.)
Code execution as logged-in userRequires user interaction (opening file)No authentication needed to triggerLow attack complexityAffects engineering design tools that support OT systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
Parasolid V36.1<V36.1.22536.1.225
Parasolid V37.0<V37.0.17337.0.173
Parasolid V37.1<V37.1.10937.1.109
Remediation & Mitigation
0/6
Do now
0/2
WORKAROUNDDo not open untrusted or unexpected PAR files in Parasolid, particularly from unsolicited email or unknown sources
HARDENINGEducate engineers on email scams and social engineering tactics used to distribute malicious files
Schedule — requires maintenance window
0/4

Patching may require device reboot — plan for process interruption

Parasolid V36.1
HOTFIXUpdate Parasolid V36.1 to version 36.1.225 or later
Parasolid V37.0
HOTFIXUpdate Parasolid V37.0 to version 37.0.173 or later
Parasolid V37.1
HOTFIXUpdate Parasolid V37.1 to version 37.1.109 or later
All products
HARDENINGImplement file transfer controls and email filtering to block suspicious PAR files from reaching engineering workstations
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/e82f1bbd-6260-4f64-b479-894ea465d1b8
Siemens Parasolid | CVSS 7.8 - OTPulse