Full Report
Solid Edge is affected by an out-of-bounds read vulnerability that could be triggered when the application reads files that contain XT parts. If a user is tricked into opening a malicious file with one of the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Solid Edge Out-of-Bounds Read Leading to RCE via Malicious XT Files
## CVE Details
- CVE ID: CVE-2023-49125
- CVSS Score: 7.8 (CVSS v3.1) / 7.3 (CVSS v4.0); High severity, consistent with the RCE impact
- CWE: CWE-125: Out-of-bounds Read
## Affected Systems
- Products: Solid Edge SE2023, Solid Edge SE2024
- Versions:
  - SE2023: All versions prior to V223.0 Update 11
  - SE2024: All versions prior to V224.0 Update 3
- Configurations: Triggered when the application reads specially crafted files containing XT parts.
## Vulnerability Description
The vulnerability is an out-of-bounds read in Solid Edge's parsing of specially crafted files containing XT format parts. When such a file is opened, the parser can read beyond the bounds of the allocated memory buffer. This condition can be leveraged to achieve remote code execution (RCE) in the context of the currently running process.
## Exploitation
- Status: A PoC likely exists; exploitation requires user interaction (opening the file). In-the-wild exploitation is not explicitly stated. Given the RCE impact, assume a PoC is readily available or easily created.
- Complexity: Medium (requires user interaction to open the malicious file). The CVSS v3.1 vector indicates AC:L (Low Attack Complexity), while the v4.0 vector indicates AC:H (High Attack Complexity); this summary treats the key requirement as user action.
- Attack Vector: Local (the file must be delivered to the user's environment, typically as a document received over the network or by email and then opened by the user). CVSS v3.1 AV:L (Local).
## Impact
- Confidentiality: High (potential information disclosure from the out-of-bounds memory read)
- Integrity: High (potential code execution allows arbitrary modification of process state)
- Availability: High (potential process crash or instability)
## Remediation
### Patches
- Solid Edge SE2023: Update to V223.0 Update 11 or later.
- Solid Edge SE2024: Update to V224.0 Update 3 or later.
### Workarounds
- Do not open untrusted files containing XT parts in Solid Edge.
## Detection
- **Indicators of compromise:** Detection relies on observing anomalous memory reads or failures in Solid Edge while it processes XT parts, which is highly specific behavior to monitor.
- **Detection methods and tools:** Because this is a memory corruption issue triggered by file input, standard file integrity monitoring or network monitoring is unlikely to be sufficient without signatures specific to the malformed files. Application logging and endpoint detection and response (EDR) monitoring of unexpected process behavior following file operations are recommended.
## References
- Vendor Advisory: SSA-382651
- General Siemens Security Recommendations: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens ProductCERT Advisories: hxxps://www.siemens.com/cert/advisories