File Parsing Vulnerabilities in Parasolid

Plan Patch7.8SSA-853037Nov 8, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Parasolid contains out-of-bounds read/write vulnerabilities in its X_T file format parser. An attacker can exploit these vulnerabilities by creating a malicious X_T file. If a user opens the file with an affected version of Parasolid, the vulnerability triggers and allows remote code execution in the context of the user's process. Siemens has released patched versions for all affected branches (V34.0, V34.1, and V35.0).

What this means

What could happen

An attacker could execute arbitrary code on an engineering workstation running Parasolid by tricking a user into opening a malicious X_T format file. This could give the attacker access to CAD designs, process modifications, or the ability to alter component models used in production.

Who's at risk

Engineering and design teams at manufacturing companies using Siemens Parasolid for CAD modeling. This includes facilities that use Parasolid as the solid modeling kernel in NX, Solid Edge, or other Siemens design software. Manufacturing, automotive, aerospace, and equipment OEMs are most at risk.

How it could be exploited

An attacker creates a malicious X_T format file containing out-of-bounds read/write payloads. The file is sent to a Parasolid user (engineer or designer) via email or shared drive. When the user opens the file in Parasolid, the parsing vulnerability triggers and executes arbitrary code in the context of the engineering workstation process. From there, the attacker could steal design data, modify CAD models, or pivot to other systems on your engineering network.

Prerequisites

User must open a malicious X_T format file in Parasolid
User interaction required (social engineering to trick user into opening file)

User interaction required (social engineering)Low complexity attackCould lead to design theft or sabotageAffects engineering workstations with access to production designs

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

Parasolid V34.0< V34.0.25234.0.252

Parasolid V34.0≥ V34.0.252 < V34.0.25434.0.254

Parasolid V34.1< V34.1.24234.1.242

Parasolid V34.1≥ V34.1.242 < V34.1.24434.1.244

Parasolid V35.0< V35.0.17035.0.170

Parasolid V35.0≥ V35.0.170 < V35.0.18435.0.184

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict ability to open untrusted X_T files from external sources or email attachments on engineering workstations

HARDENINGEducate users on not opening X_T files from untrusted sources

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Parasolid V34.0

HOTFIXUpdate Parasolid V34.0 to version 34.0.254 or later

Parasolid V34.1

HOTFIXUpdate Parasolid V34.1 to version 34.1.244 or later

Parasolid V35.0

HOTFIXUpdate Parasolid V35.0 to version 35.0.184 or later

CVEs (2)

CVE-2022-39157 CVE-2022-43397

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/39a9378e-d86f-4f20-ae1a-40e0d9464bff