Full Report
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in formats such as X_B, DWG, DXF, STL, STP, SLDPRT and PAR. If a user is tricked into opening a malicious file with an affected application, an attacker could leverage the vulnerability to crash the application, extract data or potentially execute arbitrary code. Siemens has released updates for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Siemens Solid Edge
## CVE Details
- **CVE ID:** CVE-2021-32936, CVE-2021-32938, CVE-2022-46345 through CVE-2022-46349, CVE-2023-22295, CVE-2023-22321, CVE-2023-22354, CVE-2023-22669, CVE-2023-22670, CVE-2023-22846, CVE-2023-23579, CVE-2023-24549 through CVE-2023-24566, CVE-2023-24581, CVE-2023-25140 (and others referenced in the advisory).
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-787 (Out-of-bounds Write), CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:** Siemens Solid Edge (CAD software portfolio)
- **Versions:**
  - **Solid Edge SE2022:** All versions < V222.0MP12
  - **Solid Edge SE2023:** All versions < V223.0Update2
- **Configurations:** Systems where users open CAD files from untrusted sources.
## Vulnerability Description
Solid Edge relies on several third-party libraries (including Open Design Alliance Drawings SDK and Datakit CrossCadWare) to parse various CAD file formats. Multiple memory corruption vulnerabilities exist within these parsers. Specifically:
- **Out-of-bounds Write:** Triggered by specially crafted DXF or other files, allowing data to be written past allocated buffer boundaries.
- **Out-of-bounds Read:** Triggered during the parsing of DWG or other formats, allowing unauthorized memory access.
The flaws occur because the application does not properly validate the structure and size of input data within the X_B, DWG, DXF, STL, STP, SLDPRT, and PAR formats.
## Exploitation
- **Status:** PoC available (Evidence Code "E:P" in CVSS vector suggests functional proof-of-concept exists). Not currently reported as exploited in the wild.
- **Complexity:** Low
- **Attack Vector:** Local (Requires User Interaction; an attacker must trick a user into opening a malicious file).
## Impact
- **Confidentiality:** High (Potential data extraction from memory).
- **Integrity:** High (Potential for Arbitrary Code Execution).
- **Availability:** High (Application crash/Denial of Service).
## Remediation
### Patches
- **Solid Edge SE2022:** Update to **V222.0MP12** or later.
- **Solid Edge SE2023:** Update to **V223.0Update2** or later.
- *Note: Some SE2022 vulnerabilities have no planned fix; users are urged to migrate to newer versions or apply workarounds.*
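
An added example, not part of the Siemens advisory or any Siemens tooling: a Python triage of installed-version strings against the fixed releases listed above, including the note that SE2022 is only partially fixed. It assumes versions are reported in the advisory's notation (`V222.0MP12`, `V223.0Update2`) and that a bare `V223.0` means no update is installed; the inventory rows and status labels are constructed for illustration.

```python
import re

# Fixed releases as stated in the advisory: major -> (suffix kind, first fixed level).
FIXED = {222: ("MP", 12), 223: ("Update", 2)}   # 222 = SE2022, 223 = SE2023

# Assumed notation: optional "V", major, ".0", optional "MP<n>" or "Update<n>".
VERSION_RE = re.compile(r"^V?(\d+)\.0\s*(?:(MP|Update)\s*(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, suffix kind or None, level); None if the string is not understood."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return int(m.group(1)), m.group(2), int(m.group(3) or 0)


def triage(version_text):
    """Classify one installed version against the fixed releases."""
    parsed = parse_version(version_text)
    if parsed is None or parsed[0] not in FIXED:
        return "unknown"                     # never report an unparsed version as safe
    major, kind, level = parsed
    want_kind, fixed_level = FIXED[major]
    if kind is not None and kind.lower() != want_kind.lower():
        return "unknown"                     # e.g. an "MP" suffix on an SE2023 build
    if level < fixed_level:
        return "vulnerable"
    # Advisory note: some SE2022 issues have no planned fix, so MP12+ is a partial fix.
    return "patched-partial" if major == 222 else "patched"


# Constructed inventory rows (host, reported version); not real data.
SAMPLE_INVENTORY = [
    ("cad-ws-01", "V222.0MP11"),
    ("cad-ws-02", "V222.0MP12"),
    ("cad-ws-03", "V223.0"),
    ("cad-ws-04", "V223.0Update2"),
    ("cad-ws-05", "223.0 update 1"),
    ("cad-ws-06", "2023 (build unknown)"),
]


def triage_inventory(rows):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `patched-partial` or `unknown` still need follow-up: the former under the workarounds below, the latter by manual version check.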
### Workarounds
- **Restrict File Sources:** Do not open untrusted or unsolicited X_B, DWG, DXF, STL, STP, SLDPRT, and PAR files.
- **General Hardening:** Protect network access and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes when opening specific CAD files; unusual outbound network traffic from the Solid Edge process.
- **Detection Methods:** Use Endpoint Detection and Response (EDR) tools to monitor for suspicious child processes or memory anomalies when Solid Edge parses external files.
## References
- **Vendor Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-491245.html
- **Support Portal:** hxxps://support.sw.siemens[.]com/
- **Third-Party Info:** hxxps://www.opendesign[.]com/security-advisories