Siemens Solid Edge SE2024

Plan Patch7.8ICS-CERT ICSA-24-347-07Dec 10, 2024

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Siemens Solid Edge SE2024 contains file parsing vulnerabilities (CVE-2024-54093, CVE-2024-54094, CVE-2024-54095) in handling of malicious PAR and ASM files. When a user opens a specially crafted PAR or ASM file, the application may crash or execute arbitrary code. The vulnerabilities are caused by buffer overflow (CWE-122) and integer underflow (CWE-191) flaws in the file parsing logic. These are not remotely exploitable; they require user interaction to open a malicious file.

What this means

What could happen

A user who opens a malicious PAR or ASM file in Solid Edge could experience application crashes or arbitrary code execution on their engineering workstation, potentially compromising design data and allowing an attacker to modify plant drawings or steal intellectual property.

Who's at risk

Engineering departments using Siemens Solid Edge SE2024 for plant design, process modeling, or equipment documentation. This affects design engineers and CAD operators who may receive or access PAR (Parasolid) and ASM (assembly) files from external sources, suppliers, or untrusted repositories.

How it could be exploited

An attacker sends a malicious PAR or ASM file (typically via email or file share) to an engineer. When the engineer opens the file in affected versions of Solid Edge, the file parser processes malicious content that triggers a buffer overflow or integer underflow, crashing the application or executing arbitrary code with the user's privileges.

Prerequisites

User must open a malicious PAR or ASM file
User must be running Siemens Solid Edge SE2024 with version prior to Update 5 (for CVE-2024-54093, CVE-2024-54094) or prior to Update 10 (for CVE-2024-54095)
Attacker must trick user into opening the malicious file (social engineering required)

User interaction required (file open)Local execution onlyNo authentication required after file is openedBuffer overflow and integer underflow vulnerabilitiesAffects engineering workstations with access to design data

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Solid Edge SE2024<V224.0 Update 5224.0 Update 5

Solid Edge SE2024<V224.0 Update 10224.0 Update 10

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDo not open untrusted or unexpected ASM files in affected Solid Edge versions

WORKAROUNDDo not open untrusted or unexpected PAR files in affected Solid Edge versions

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Solid Edge SE2024

HOTFIXUpdate Solid Edge SE2024 to version 224.0 Update 5 or later (addresses CVE-2024-54093 and CVE-2024-54094)

HOTFIXUpdate Solid Edge SE2024 to version 224.0 Update 10 or later (addresses CVE-2024-54095)

Long-term hardening

0/1

HARDENINGTrain engineering staff to recognize and reject suspicious file attachments and file shares, especially PAR and ASM files from unknown sources

CVEs (3)

CVE-2024-54093 CVE-2024-54094 CVE-2024-54095

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8e041243-65ef-41ba-9dba-841416d15b75