X_T File Parsing Vulnerability in Parasolid
Score: 7.8
Advisory: SSA-489698
Published: May 14, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Parasolid is affected by an out of bounds write vulnerability (CWE-787) triggered when reading X_T format files. If a user opens a malicious X_T file with an affected version, an attacker could execute code in the context of the application process.
What this means
What could happen
An attacker could run arbitrary code on engineering workstations running Parasolid by sending a malicious X_T file, potentially compromising design tools, CAD workflows, and any downstream manufacturing processes that depend on those designs.
Who's at risk
Engineering and design teams using Parasolid CAD software. This affects workstations where engineers design parts and assemblies, particularly in manufacturing, aerospace, automotive, and machinery design sectors. Parasolid is embedded in many commercial CAD systems and design applications.
How it could be exploited
An attacker crafts a malicious X_T format file and tricks a user into opening it in Parasolid. When the application parses the file, the out of bounds write is triggered, allowing the attacker to execute arbitrary code with the privileges of the user running Parasolid.
Prerequisites
- User must open a malicious X_T file in Parasolid
- Vulnerable version of Parasolid must be installed (V35.1 <256, V36.0 <210, or V36.1 <185)
- Social engineering or supply chain delivery of malicious file
Tags: requires user interaction; affects design/engineering workstations; low exploit complexity; high impact (arbitrary code execution)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (3), all with a fix available

Product          | Affected Versions | Fix Status
Parasolid V35.1  | < V35.1.256       | Fixed in 35.1.256
Parasolid V36.0  | < V36.0.210       | Fixed in 36.0.210
Parasolid V36.1  | < V36.1.185       | Fixed in 36.1.185
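An inventory check against the fix thresholds in the table above, added here as an example and not part of the advisory: it parses a Parasolid version string into branch and build, reports whether that build is below the first fixed build for its branch, and groups a constructed host inventory (hypothetical host names) accordingly. Versions on branches the advisory does not list are reported as "not covered" rather than as safe, since this advisory says nothing about them.

```python
from typing import Dict, List, Optional, Tuple

# First fixed build per affected branch, taken from the advisory table (SSA-489698).
# Key is "major.minor"; value is the build number at which the branch is fixed.
FIXED_BUILDS: Dict[str, int] = {
    "35.1": 256,
    "36.0": 210,
    "36.1": 185,
}


def parse_version(version: str) -> Tuple[str, int]:
    """Split 'V36.0.142' or '36.0.142' into ('36.0', 142).

    Raises ValueError for anything that is not major.minor.build, so a
    malformed inventory entry is surfaced instead of silently treated as fixed.
    """
    parts = version.strip().lstrip("Vv").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Parasolid version string: {version!r}")
    major, minor, build = parts
    return f"{int(major)}.{int(minor)}", int(build)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the build is below the fixed build for its branch, False if at or
    above it, None if the branch is not listed in the advisory at all."""
    branch, build = parse_version(version)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return None
    return build < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts (host -> version string) into vulnerable / fixed / not_covered."""
    result: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "not_covered": []}
    for host, version in inventory.items():
        state = is_vulnerable(version)
        key = "not_covered" if state is None else ("vulnerable" if state else "fixed")
        result[key].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory with hypothetical host names, not real data.
    sample = {"cad-ws-01": "V35.1.240", "cad-ws-02": "V36.0.210",
              "cad-ws-03": "V36.1.100", "cad-ws-04": "V34.0.300"}
    for state, hosts in triage(sample).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```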
Remediation & Mitigation
Do now
Workaround: Implement email gateway controls or user training to block or warn users about unexpected X_T file attachments from external sources.
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption.
Hotfix: Update Parasolid V35.1 to version 35.1.256 or later.
Hotfix: Update Parasolid V36.0 to version 36.0.210 or later.
Hotfix: Update Parasolid V36.1 to version 36.1.185 or later.
Long-term hardening
Hardening: Restrict file open dialogs and network access on engineering workstations to trusted sources only.
CVEs (1)