Full Report
Siemens Solid Edge 2023 has released Update 10, that fixes multiple vulnerabilities that could be triggered when the application reads PAR files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system. Siemens has released a new version for Solid Edge SE2023 and recommends to update to the latest version.
Analysis Summary
# Vulnerability: Multiple Memory Corruption Flaws in Siemens Solid Edge PAR File Parsing
## CVE Details
- **CVE IDs**: CVE-2023-49121, CVE-2023-49122, CVE-2023-49123, CVE-2023-49124, CVE-2023-49126, CVE-2023-49127, CVE-2023-49129, CVE-2023-49130, CVE-2023-49131, CVE-2023-49132
- **CVSS Score**: 7.8 (High)
- **CWE**: CWE-121 (Stack-based Buffer Overflow), CWE-122 (Heap-based Buffer Overflow), CWE-125 (Out-of-bounds Read), CWE-824 (Access of Uninitialized Pointer)
## Affected Systems
- **Products**: Siemens Solid Edge SE2023
- **Versions**: All versions prior to V223.0 Update 10
- **Configurations**: Systems where Solid Edge is used to open and process PAR (Part) files.
## Vulnerability Description
Multiple memory safety vulnerabilities exist in how Siemens Solid Edge 2023 parses PAR files. The flaws include heap and stack-based buffer overflows, out-of-bounds reads, and uninitialized pointer access. These vulnerabilities occur when the application processes a specially crafted PAR file, leading to memory corruption.
## Exploitation
- **Status**: PoC available (Exploit Code Maturity is "Functional" based on the CVSS Vector `E:P`).
- **Complexity**: Low
- **Attack Vector**: Local (Requires a user to open a malicious file)
- **User Interaction**: Required (The user must be tricked into opening a malicious PAR file).
## Impact
- **Confidentiality**: High (Potential to read sensitive memory or execute code to steal data)
- **Integrity**: High (Potential for arbitrary code execution)
- **Availability**: High (Application crash or total system compromise)
## Remediation
### Patches
- **Solid Edge SE2023**: Update to **V223.0 Update 10** or later.
### Workarounds
- **File Handling**: Avoid opening untrusted or suspicious PAR files from unknown sources.
- **Access Control**: Restrict network access to critical systems and operate within a protected IT environment.
## Detection
- **Indicators of Compromise**: Unexpected application crashes in `Edge.exe` when opening PAR files; unusual outbound network traffic from Solid Edge processes.
- **Detection methods and tools**: Monitor for file-based threats using Endpoint Detection and Response (EDR) tools; validate the version of Solid Edge installed via asset management software.
## References
- **Siemens Advisory**: hxxps://cert-portal.siemens[.]com/productcert/html/ssa-589891.html
- **Solid Edge Portal**: hxxps://solidedge.siemens[.]com/
- **Industrial Security Guidelines**: hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security