Full Report
Parasolid is affected by an out of bounds write vulnerability that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Parasolid X_T File Parsing Out-of-Bounds Write Leading to RCE
## CVE Details
- CVE ID: CVE-2024-31980
- CVSS Score: 7.8 (CVSS v3.1 High) / 7.3 (CVSS v4.0)
- CWE: CWE-787: Out-of-bounds Write
## Affected Systems
- Products: Parasolid (3D geometric modeling tool)
- Versions:
- V35.1: All versions < V35.1.256
- V36.0: All versions < V36.0.210
- V36.1: All versions < V36.1.185
- Configurations: Triggered when the application reads files in X_T format.
## Vulnerability Description
The vulnerability is an Out-of-Bounds Write flaw discovered in the X_T file parsing component of Parasolid. This occurs when the affected application processes a specially crafted X_T part file. Successful exploitation allows an attacker to write data past the end of an allocated buffer, potentially leading to arbitrary code execution.
## Exploitation
- Status: Not explicitly stated as exploited in the wild; vendor advisory released for patching.
- Complexity: Low (based on CVSS vector AV:L/AC:L/PR:N/UI:R - Requires local access or user interaction to open the malicious file).
- Attack Vector: Local/Requires User Interaction (The user must be tricked into opening the malicious file).
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- **Parasolid V35.1:** Update to V35.1.256 or later.
- **Parasolid V36.0:** Update to V36.0.210 or later.
- **Parasolid V36.1:** Update to V36.1.185 or later.
### Workarounds
- Do not open untrusted X_T files in affected Parasolid installations.
## Detection
- **Indicators of Compromise (IoCs):** The advisory does not list specific IoCs but successful exploitation would involve unexpected process behavior or code execution following file parsing.
- **Detection Methods and Tools:** Standard file integrity monitoring around X_T files and behavioral analysis tools watching for anomalous process memory operations during file processing may aid detection.
## References
- Siemens ProductCERT Advisory SSA-489698: hxxps://cert-portal.siemens.com/productcert/html/ssa-489698.html
- Siemens Support Link (For updates): hxxps://support.sw.siemens.com/en-US/product/258316782/