Full Report
Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid Edge SE2025 and recommends to update to the latest version.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Siemens Solid Edge
## CVE Details
- **CVE ID:** CVE-2025-40739, CVE-2025-40740, CVE-2025-40741
- **CVSS Score:** 7.8 (High) - CVSS v3.1 | 7.3 (High) - CVSS v4.0
- **CWE:** CWE-125 (Out-of-bounds Read), CWE-121 (Stack-based Buffer Overflow)
## Affected Systems
- **Products:** Siemens Solid Edge SE2025
- **Versions:** All versions prior to V225.0 Update 5
- **Configurations:** Systems where users open CAD/Configuration files (PAR or CFG) from potentially untrusted sources.
## Vulnerability Description
Solid Edge is subject to multiple memory corruption vulnerabilities triggered during the parsing of specific file formats.
* **CVE-2025-40739 & CVE-2025-40740 (Out-of-Bounds Read):** Occur when the application reads past the end of an allocated buffer while parsing specially crafted `.PAR` files.
* **CVE-2025-40741 (Stack-based Buffer Overflow):** Occurs when the application processes specially crafted `.CFG` files, leading to a stack overflow.
These flaws originate from insufficient validation of input data within the file's structure, which can be leveraged to corrupt memory and redirect process execution.
## Exploitation
- **Status:** Not exploited in the wild (Coordinated disclosure via Michael Heinzl).
- **Complexity:** Low (CVSS v3.1) / Medium (CVSS v4.0).
- **Attack Vector:** Local. Exploitation requires user interaction (UI:R), meaning an attacker must trick a user into opening a malicious file.
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution and data theft)
- **Integrity:** High (Potential for unauthorized modification of system files)
- **Availability:** High (Can lead to application crashes or full system compromise)
## Remediation
### Patches
- **Solid Edge SE2025:** Update to **V225.0 Update 5** or later.
### Workarounds
- **File Handling:** Do not open untrusted `.PAR` or `.CFG` files from unknown or suspicious sources.
- **Access Control:** Restrict network access to engineering workstations using appropriate firewalls and segmentation.
- **Operational Guidelines:** Adhere to Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes when opening PAR or CFG files; unusual outbound network traffic from the `solidedge.exe` process.
- **Detection Methods:** Deploy Endpoint Detection and Response (EDR) tools to monitor for suspicious child processes spawned by Solid Edge or unauthorized memory access attempts.
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-091753[.]html
- **Support Portal:** hxxps://support[.]sw[.]siemens[.]com/product/246738425/
- **Siemens Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security