OTPulse

Multiple Vulnerabilities in Solid Edge Before SE2024 Update 9

Status: Plan Patch
CVSS: 7.8
Vendor advisory: SSA-351178
Date: Nov 12, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Solid Edge SE2024 is affected by multiple out-of-bounds read vulnerabilities (CWE-125) that can be triggered when parsing specially crafted files in PAR or PSM format, and by an uncontrolled search path element (CWE-427) that allows DLL hijacking. These issues could allow an attacker to crash the application or execute arbitrary code on a workstation running Solid Edge.

What this means
What could happen
An attacker could execute arbitrary code on an engineer's workstation by sending a malicious Solid Edge design file, potentially compromising CAD/design data or using the workstation as a pivot point into the network.
Who's at risk
Design engineers and CAD technicians who use Solid Edge SE2024 for manufacturing design and documentation, particularly in discrete manufacturing, automotive, and heavy equipment sectors. Any organization relying on Solid Edge for product design and documentation management.
How it could be exploited
An attacker sends a specially crafted PAR or PSM file to an engineer, for example by email or through a shared project folder. When the engineer opens the file in Solid Edge, the parsing vulnerability or the DLL hijacking is triggered, allowing the attacker to execute code with the privileges of the user who opened the file. No privilege escalation is included; what the attacker gains is the engineer's access to design data, mapped drives and network resources.
Prerequisites
  • User must open a malicious Solid Edge design file (PAR or PSM format)
  • Solid Edge must be installed on the workstation
  • No special privileges or authentication required
Risk factors:
  • Malicious files can be delivered remotely (email, file sharing); the CVSS attack vector is Local because the victim must open the file on the workstation
  • No authentication required
  • Low attack complexity
  • Affects engineering workstations with access to design data
  • The DLL hijacking component increases risk on shared systems, where another user may be able to plant a DLL in a directory on the application's search path
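The DLL hijacking path described above leaves a trace that is easy to look for: the Solid Edge process loading a DLL from a user-writable directory rather than from its install directory or the Windows system directories. The following is an added example of that check run over constructed Sysmon-style ImageLoad (Event ID 7) records; it is not part of the OTPulse advisory or of any Siemens tooling. The process name `Edge.exe`, the install directory, the key=value record layout and the sample DLL names are all assumptions made for the example; the advisory does not name the hijacked DLL.

```python
"""Flag DLLs loaded by the Solid Edge process from outside trusted directories.

Added example (not from the advisory). Assumes Sysmon-like ImageLoad records
written as space-separated key=value pairs with Image (loading process) and
ImageLoaded (DLL) fields.
"""
import re
from pathlib import PureWindowsPath

# Assumption: name of the Solid Edge main executable.
SOLID_EDGE_PROCESS = "edge.exe"

# Directories a legitimate Solid Edge DLL load is expected to come from.
# The install path is an assumption; adjust to the local deployment.
TRUSTED_DIRS = (
    r"C:\Program Files\Siemens\Solid Edge 2024\Program",
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)

# Constructed sample events; DLL and user names are made up for the example.
SAMPLE_EVENTS = [
    r"EventID=7 Image=C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe ImageLoaded=C:\Windows\System32\kernel32.dll",
    r"EventID=7 Image=C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe ImageLoaded=C:\Program Files\Siemens\Solid Edge 2024\Program\example.dll",
    # DLL sitting next to the opened PAR file in a download folder: suspicious.
    r"EventID=7 Image=C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe ImageLoaded=C:\Users\alice\Downloads\bracket_rev3\version.dll",
    # Another process loading from Downloads: not in scope for this check.
    r"EventID=7 Image=C:\Windows\System32\notepad.exe ImageLoaded=C:\Users\alice\Downloads\foo.dll",
    # Process-create event, not an ImageLoad: ignored.
    r"EventID=1 Image=C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe CommandLine=Edge.exe",
    # DLL loaded from the user's temp directory: suspicious.
    r"EventID=7 Image=C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe ImageLoaded=C:\Users\alice\AppData\Local\Temp\profapi.dll",
]

# key=value pairs; values may contain spaces, so a value runs until the next " key=".
_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> dict:
    """Split one key=value record into a dict."""
    return dict(_KV.findall(line))


def _under(path, root) -> bool:
    """Case-insensitive check that `path` is `root` or lies beneath it."""
    p = str(PureWindowsPath(path)).lower()
    r = str(PureWindowsPath(root)).lower()
    return p == r or p.startswith(r + "\\")


def is_suspicious_load(event: dict) -> bool:
    """True for an ImageLoad by Solid Edge from a directory outside TRUSTED_DIRS."""
    if event.get("EventID") != "7":
        return False
    if PureWindowsPath(event.get("Image", "")).name.lower() != SOLID_EDGE_PROCESS:
        return False
    dll_dir = PureWindowsPath(event["ImageLoaded"]).parent
    return not any(_under(dll_dir, root) for root in TRUSTED_DIRS)


def suspicious_loads(lines) -> list:
    """Return the ImageLoaded paths of all suspicious records, in input order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_suspicious_load(ev):
            hits.append(ev["ImageLoaded"])
    return hits


if __name__ == "__main__":
    for dll in suspicious_loads(SAMPLE_EVENTS):
        print("suspicious DLL load by Solid Edge:", dll)
```

The check is deliberately path-based rather than name-based because the advisory does not say which DLL is hijackable. Expect benign hits from legitimately installed add-ins under user profile directories; treat a hit as a triage signal and confirm by checking the DLL's signature and whether it appeared alongside a recently received PAR or PSM file.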
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product             Affected Versions                 Fix Status
Solid Edge SE2024   All versions < V224.0 Update 9    V224.0 Update 9
Remediation & Mitigation
Schedule: requires a maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Solid Edge SE2024 to V224.0 Update 9 or later