Full Report
Solid Edge is affected by an out of bounds write vulnerability that could be triggered when the application is parsing X_T data or a specially crafted file in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Analysis Summary
# Vulnerability: Out of Bounds Write in Siemens Solid Edge Leading to RCE
## CVE Details
- CVE ID: CVE-2024-54091
- CVSS Score: 7.8 (CVSS v3.1) / 7.3 (CVSS v4.0) (High severity)
- CWE: CWE-787: Out-of-bounds Write
## Affected Systems
- Products: Solid Edge
- Versions:
- Solid Edge SE2024: All versions < V224.0 Update 12
- Solid Edge SE2025: All versions < V225.0 Update 3
- Configurations: Triggered when parsing X_T data or a specially crafted file in X_T format.
## Vulnerability Description
The vulnerability is an Out-of-Bounds Write flaw occurring in Siemens Solid Edge during the parsing of X_T data or specially crafted files in the X_T format. Successful exploitation allows an attacker to write data outside the bounds of an allocated buffer, which could potentially lead to arbitrary code execution in the context of the current process.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but PoC is implied by the CVSS vector regarding user interaction.
- Complexity: Medium (CVSS v3.1 vector suggests User Interaction (UI:R) and Local attack vector (AV:L)). CVSS v4.0 suggests High Attack Complexity (AC:H).
- Attack Vector: Local (AV:L) - Requires the user to open a malicious file.
## Impact
- Confidentiality: High (`C:H`)
- Integrity: High (`I:H`)
- Availability: High (`A:H`)
## Remediation
### Patches
- **Solid Edge SE2024:** Update to V224.0 Update 12 or later version.
- **Solid Edge SE2025:** Update to V225.0 Update 3 or later version.
### Workarounds
- Do not open untrusted X_T files or provide untrusted X_T data to affected Solid Edge applications.
- Apply general security recommendations provided by Siemens concerning network access protections and operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Monitoring for abnormal process behavior or memory corruption events originating from Solid Edge processes handling untrusted X_T files.
- **Detection Methods and Tools:** Utilize file integrity monitoring and endpoint detection and response (EDR) tools capable of monitoring process memory access anomalies, particularly around file parsing operations involving `.x_t` extensions from untrusted sources.
## References
- Vendor Advisory: SSA-672923 (Siemens ProductCERT)
- Siemens Support Links: hxxps://support.sw.siemens.com/product/246738425/
- General Security Recommendations: hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- Siemens Industrial Security Information: hxxps://www.siemens.com/industrialsecurity