Siemens Solid Edge

Plan Patch7.8ICS-CERT ICSA-25-100-03Apr 8, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Solid Edge is affected by an out of bounds write vulnerability that could be triggered when the application is parsing X_T data or a specially crafted file in X_T format. If a user opens a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.

What this means

What could happen

An attacker could execute arbitrary code on an engineering workstation running Solid Edge if a user opens a malicious X_T design file. This could allow the attacker to steal design data, modify CAD designs, or compromise the workstation for lateral movement into the plant network.

Who's at risk

This affects any organization using Siemens Solid Edge SE2024 (prior to Update 12) or SE2025 (prior to Update 3) for CAD design work. Engineering teams and design departments are at risk if they work with X_T format files from external sources or untrusted suppliers.

How it could be exploited

An attacker creates a malicious X_T format CAD file with crafted data that triggers an out of bounds write when parsed by Solid Edge. The attacker sends or hosts this file and social engineers an engineer to open it. When the file is opened, the vulnerability is triggered and arbitrary code runs with the privileges of the Solid Edge process.

Prerequisites

User must open a malicious X_T file using Solid Edge
Local network access to workstation or email delivery capability is sufficient
Vulnerable version of Solid Edge must be installed

Low complexity attack (malicious file open)No authentication requiredHigh impact (remote code execution)Social engineering attack vectorAffects engineering workstations with access to design data

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Solid Edge SE2024<V224.0 Update 12224.0 Update 12

Solid Edge SE2025<V225.0 Update 3225.0 Update 3

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDDo not open untrusted X_T files from external sources or suppliers

WORKAROUNDImplement email filtering to prevent delivery of X_T files from external senders

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Solid Edge SE2024

HOTFIXUpdate Solid Edge SE2024 to V224.0 Update 12 or later

Solid Edge SE2025

HOTFIXUpdate Solid Edge SE2025 to V225.0 Update 3 or later

Long-term hardening

0/2

HARDENINGRestrict access to Solid Edge workstations from the internet and untrusted networks

HARDENINGProvide security awareness training to engineering staff on file-based social engineering attacks

CVEs (1)

CVE-2024-54091

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4bd840b2-a4f4-403e-ba09-bd242fb23fdc