Full Report
Parasolid is affected by out-of-bounds read and null pointer dereference vulnerabilities that can be triggered when the application reads files in X_T format. If a user is tricked into opening a malicious file with an affected application, an attacker could leverage the out-of-bounds read vulnerabilities to achieve remote code execution in the context of the current process or cause a denial-of-service condition in the application. Siemens has released new versions of the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Parasolid X_T File Parsing Vulnerabilities (Out-of-Bounds Read and Null Pointer Dereference)
## CVE Details
- CVE ID: CVE-2024-32635, CVE-2024-32636, CVE-2024-32637
- CVSS Score: 7.8 (CVSS v3.1, High Severity for CVE-2024-32635/32636); 3.3 (CVSS v3.1, Low Severity for CVE-2024-32637)
- CWE: CWE-125 (Out-of-bounds Read for CVE-2024-32635/32636), CWE-476 (NULL Pointer Dereference for CVE-2024-32637)
## Affected Systems
- Products: Parasolid (3D geometric modeling tool)
- Versions:
  - Parasolid V35.1: All versions < V35.1.256
  - Parasolid V36.0: All versions < V36.0.208
  - Parasolid V36.1: All versions < V36.1.173
- Configurations: Triggered when the application reads specially crafted files in X\_T format.
## Vulnerability Description
The Parasolid component contains vulnerabilities that are triggered when it processes specially crafted X\_T files:
1. **CVE-2024-32635 & CVE-2024-32636 (Out-of-Bounds Read):** While parsing a crafted X\_T file, the application performs an out-of-bounds read past unmapped memory or past the end of an allocated structure. This can potentially lead to Remote Code Execution (RCE) in the context of the current process.
2. **CVE-2024-32637 (Null Pointer Dereference):** An error during X\_T file parsing results in a null pointer dereference, leading to application crashes and a Denial of Service (DoS) condition.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but PoC availability is implied given the clear risk description (RCE/DoS).
- Complexity: Both CVE-2024-32635 and CVE-2024-32636 list an Attack Complexity (AC) of Low in CVSS v3.1, suggesting exploitation might be relatively straightforward once an attacker crafts the file.
- Attack Vector: Local (L), with User Interaction (UI:R) required to open the malicious file. RCE/DoS is achieved in the **context of the current process** after the file is opened.
## Impact
- Confidentiality: High (for RCE vulnerabilities CVE-2024-32635/32636)
- Integrity: High (for RCE vulnerabilities CVE-2024-32635/32636)
- Availability: Low/High (Low for CVE-2024-32637 DoS, High if RCE leads to system compromise)
## Remediation
### Patches
Users must update to the following minimum versions:
- Parasolid V35.1: Update to **V35.1.256** or later.
- Parasolid V36.0: Update to **V36.0.208** or later.
- Parasolid V36.1: Update to **V36.1.173** or later.
### Workarounds
- **Primary Mitigation:** Do not open untrusted X\_T files in applications utilizing the affected Parasolid component.
- Follow general security recommendations from Siemens, including protecting network access to underlying devices.
## Detection
- Due to the nature of the vulnerability (local file parsing), detection efforts should focus on application endpoints where Parasolid is used.
- **Indicators of Compromise:** Application crashes (DoS) or unexpected process activity following the opening of an X\_T file by an end-user.
- **Detection Methods:** Monitoring for attempts to pass specially crafted X\_T files into the parsing pipeline, though this relies on visibility into file ingestion processes.
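
The indicator above (a crash or unexpected process activity shortly after an X\_T file is opened) can be checked by correlating endpoint events per host and process. This is an added example, not part of the Siemens advisory; the event schema, field names, sample events and 60-second window are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed endpoint telemetry (hypothetical schema, not a real product's log format).
EVENTS = [
    {"ts": "2024-05-14T09:00:05", "host": "cad-ws1", "pid": 4120,
     "type": "file_open", "detail": r"C:\Users\a\Downloads\bracket.x_t"},
    {"ts": "2024-05-14T09:00:07", "host": "cad-ws1", "pid": 4120,
     "type": "crash", "detail": "access violation"},
    {"ts": "2024-05-14T10:15:00", "host": "cad-ws2", "pid": 880,
     "type": "file_open", "detail": r"D:\inbox\housing.X_T"},
    {"ts": "2024-05-14T10:15:20", "host": "cad-ws2", "pid": 880,
     "type": "child_process", "detail": "cmd.exe"},
    {"ts": "2024-05-14T11:00:00", "host": "cad-ws3", "pid": 300,
     "type": "file_open", "detail": r"C:\parts\gear.x_t"},
    {"ts": "2024-05-14T11:30:00", "host": "cad-ws3", "pid": 300,
     "type": "crash", "detail": "unrelated hang"},       # outside the window
    {"ts": "2024-05-14T12:00:00", "host": "cad-ws1", "pid": 5000,
     "type": "file_open", "detail": r"C:\parts\notes.step"},  # not an X_T file
    {"ts": "2024-05-14T12:00:01", "host": "cad-ws1", "pid": 5000,
     "type": "crash", "detail": "access violation"},
]

FOLLOW_UP_TYPES = ("crash", "child_process")  # the two indicators named above


def correlate(events, window_s=60):
    """Return (open_event, follow_up_event) pairs where a crash or child
    process appears in the same host/pid within window_s seconds of an
    X_T file being opened."""
    last_open = {}  # (host, pid) -> (open time, open event)
    hits = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["pid"])
        if ev["type"] == "file_open":
            # Extension match is case-insensitive; only X_T opens are tracked.
            if ev["detail"].lower().endswith(".x_t"):
                last_open[key] = (ts, ev)
        elif ev["type"] in FOLLOW_UP_TYPES and key in last_open:
            opened_at, opened = last_open[key]
            if (ts - opened_at).total_seconds() <= window_s:
                hits.append((opened, ev))
    return hits


if __name__ == "__main__":
    for opened, follow in correlate(EVENTS):
        print(f'{opened["host"]} pid={opened["pid"]}: {follow["type"]} '
              f'({follow["detail"]}) after opening {opened["detail"]}')
```

A hit is a triage lead, not proof of exploitation: the affected application can crash for unrelated reasons, so the flagged X\_T file should be preserved and the host's Parasolid version checked against the fixed versions listed under Patches.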
## References
- Vendor Advisory: SSA-046364
- General Siemens Security Info: hxxps://www.siemens.com/cert/advisories
- Siemens Industrial Security Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security