Full Report
Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked into opening a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of service in the context of the current process. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Memory Corruption in Parasolid and Teamcenter Visualization via X\_T File Parsing
## CVE Details
- CVE ID: Multiple (CVE-2023-38524 through CVE-2023-38532)
- CVSS Score: Highest identified is **7.8** (CVSS v3.1) / **7.3** (CVSS v4.0) (For RCE/High Impact CVEs)
- CWE: CWE-125: Out-of-bounds Read Vulnerability (Specific to CVE-2023-38532) and CWE-770: Allocation of Resources Without Limits or Throttling (Specific to CVE-2023-38532). Range of memory corruption CWEs implied across the set.
## Affected Systems
- Products: Parasolid and Teamcenter Visualization
- Versions:
  - **Parasolid V34.1**: All versions < V34.1.258
  - **Parasolid V35.0**: All versions < V35.0.254
  - **Parasolid V35.1**: All versions < V35.1.171 (for a subset of CVEs) and all versions < V35.1.197 (for CVE-2023-38528)
  - **Teamcenter Visualization**: Affected versions are listed in detail in the advisory, including specific fixes for V14.1, V14.2, V14.3, and V2312. (Specific versions are not fully enumerated here due to table truncation; refer to the vendor advisory.)
- Configurations: Vulnerabilities are triggered when the application reads specially crafted files in **X\_T format**.
## Vulnerability Description
The affected applications (Parasolid and Teamcenter Visualization) suffer from multiple memory corruption vulnerabilities during the parsing of X\_T files. These flaws, including out-of-bounds reads and potential stack exhaustion, can be triggered by processing a malicious file. An attacker who successfully triggers one of them can execute arbitrary code or cause a denial of service (DoS) within the context of the application process.
## Exploitation
- Status: **Exploitation in the wild** is not explicitly stated, but the description implies the capability for RCE, and specific CVEs show an Exploitability subscore indicative of potential remote risk if the UI interaction barrier is overcome. (CVSS E:P - Proof-of-Concept exists or is feasible based on the vector attributes stated for the high-impact CVEs).
- Complexity: **Low** (AC:L/AV:L for core vectors, implying low attack complexity once an attacker can deliver the file).
- Attack Vector: **Local (AV:L)** is implied by the vector strings focusing on needing the user to interact with a file, although network delivery is possible to trick a user. (AV:L/UI:R components suggest a user must open the file).
## Impact
- Confidentiality: **High (H)** (Implied by RCE potential for the high-scoring CVEs)
- Integrity: **High (H)** (Implied by RCE potential for the high-scoring CVEs)
- Availability: **High (H) / Low (L)** (High for RCE; Lower for DoS-only flaws like CVE-2023-38532)
## Remediation
### Patches
* **Parasolid V34.1**: Update to **V34.1.258 or later**.
* **Parasolid V35.0**: Update to **V35.0.254 or later**.
* **Parasolid V35.1**: Update to **V35.1.171 or later** (for applicable set) or **V35.1.197 or later** (for CVE-2023-38528).
* **Teamcenter Visualization**: Updates are available for V14.1, V14.2, V14.3, and V2312. Users must consult the advisory for precise patch versions.
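
A version check against the fixed Parasolid builds listed above, as an added example that is not part of the advisory or any Siemens tooling. The inventory format, host names, scope labels and function names are assumptions, and the sample inventory is constructed.

```python
import re

# First fixed build per Parasolid branch, copied from the Patches list above.
# The scope strings are descriptive labels added for this example.
FIXED_BUILDS = {
    (34, 1): [(258, "fixes listed for V34.1")],
    (35, 0): [(254, "fixes listed for V35.0")],
    (35, 1): [(171, "subset of CVEs"), (197, "CVE-2023-38528")],
}
VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Split 'V35.1.180' into ((35, 1), 180); reject anything else."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized Parasolid version: {text!r}")
    major, minor, build = (int(part) for part in match.groups())
    return (major, minor), build

def missing_fixes(version):
    """Return the fixed builds this install still lacks, or None when the
    branch is not in the table (status unknown, consult SSA-407785)."""
    branch, build = parse_version(version)
    if branch not in FIXED_BUILDS:
        return None
    return [(f"V{branch[0]}.{branch[1]}.{fixed}", scope)
            for fixed, scope in FIXED_BUILDS[branch] if build < fixed]

def triage(inventory):
    """Map each host to 'patched', 'vulnerable: ...', 'unknown' or 'invalid'."""
    report = {}
    for host, version in inventory.items():
        try:
            missing = missing_fixes(version)
        except ValueError:
            report[host] = "invalid"  # malformed string, needs manual review
            continue
        if missing is None:
            report[host] = "unknown"  # branch not covered by the list above
        else:
            needed = ", ".join(f"{v} ({scope})" for v, scope in missing)
            report[host] = f"vulnerable: needs {needed}" if missing else "patched"
    return report

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {"cad-01": "V34.1.250", "cad-02": "V35.1.180",
          "cad-03": "V35.1.197", "cad-04": "V36.0.10", "cad-05": "35.1"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A V35.1 build between 171 and 196 is reported as still lacking the CVE-2023-38528 fix, and branches outside the list are reported as unknown, not as unaffected.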
### Workarounds
Siemens recommends specific countermeasures for products where fixes are not, or not yet, available. Users must check the "Workarounds and Mitigations" section of the original advisory for details on these temporary measures, likely involving restricting X\_T file opening capabilities or running the application in a less privileged context.
## Detection
- Indicators of compromise would likely involve viewing application crash reports or unusual process activity associated with Parasolid or Teamcenter Visualization immediately following the opening of an X\_T file.
- Detection methods should focus on monitoring file type association enforcement and restricting the ingestion of untrusted X\_T files, especially those received via untrusted channels (email, external ports).
## References
- Vendor Advisories: SSA-407785 (Updated V1.3, August 13, 2024)
- Relevant Links:
  - hxxps://cert-portal.siemens.com/productcert/html/ssa-407785.html
  - hxxps://www.siemens.com/cert/advisories
  - hxxps://www.siemens.com/terms_of_use