Full Report
NX (incl. NX student versions) before V2406.3000 contains an out-of-bounds read vulnerability that could be triggered when the application reads PRT files. If a user is tricked into opening a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system. Siemens has released a new version for NX and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Out-of-Bounds Read in Siemens NX PRT File Parsing
## CVE Details
- CVE ID: CVE-2024-41908
- CVSS Score: 7.8 (CVSS v3.1) / 7.3 (CVSS v4.0) (High)
- CWE: CWE-125: Out-of-bounds Read
## Affected Systems
- Products: Siemens NX (including NX student versions)
- Versions: All versions before V2406.3000
- Configurations: Triggered when opening malicious PRT files.
## Vulnerability Description
The affected versions of Siemens NX contain an out-of-bounds read vulnerability that is triggered while parsing specially crafted PRT files. Successful exploitation allows an attacker to read data outside of the intended memory buffer, which could result in a denial of service (crash) or potentially lead to arbitrary code execution within the context of the application process.
## Exploitation
- Status: PoC likely available (inferred from severity and typical disclosure patterns; exploitation "in the wild" is not explicitly stated).
- Complexity: Medium (Requires user interaction to open a malicious file).
- Attack Vector: Local (Requires the user to open the file locally/internally).
## Impact
- Confidentiality: High (The out-of-bounds read can disclose information, and code execution, if achieved, could potentially extract larger amounts of data).
- Integrity: High (Potential for arbitrary code execution allows modification of system state).
- Availability: High (Confirmed to cause application crash/DoS).
## Remediation
### Patches
- Update Siemens NX to version **V2406.3000** or a later version.
### Workarounds
- Do not open PRT files from unknown or unverified sources.
- Follow general security recommendations provided by Siemens, including protecting network access to devices.
## Detection
- Detection primarily relies on monitoring for file opening events involving untrusted PRT files.
- Investigate forensic indicators of out-of-bounds reads or crashes in NX processes that occur during file parsing operations.
## References
- Vendor Advisory: SSA-357412 (Siemens ProductCERT)
- Siemens Support Link for Updates: hxxps://support.sw.siemens.com/product/209349590/
- Siemens General Security Guidelines: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security