Full Report
Parasolid is affected by out-of-bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in XT format. If a user is tricked into opening a malicious file with an affected application, an attacker could leverage the vulnerabilities to perform remote code execution in the context of the current process. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: XT File Parsing Vulnerability in Parasolid
## CVE Details
- **CVE ID:** CVE-2023-49125, CVE-2024-22043
- **CVSS Score:**
  - CVE-2023-49125: 7.8 (High) [CVSS v3.1] / 7.3 [CVSS v4.0]
  - CVE-2024-22043: 3.3 (Low) [CVSS v3.1] / 4.8 [CVSS v4.0]
- **CWE:**
  - CWE-125: Out-of-bounds Read (CVE-2023-49125)
  - CWE-476: NULL Pointer Dereference (CVE-2024-22043)
## Affected Systems
- **Products:** Siemens Parasolid (3D geometric modeling engine)
- **Versions:**
  - **Parasolid V35.0:** All versions < V35.0.263 (CVE-2023-49125); All versions < V35.0.251 (CVE-2024-22043)
  - **Parasolid V35.1:** All versions < V35.1.252 (CVE-2023-49125); All versions < V35.1.170 (CVE-2024-22043)
  - **Parasolid V36.0:** All versions < V36.0.198 (CVE-2023-49125)
- **Configurations:** Systems running applications that utilize the Parasolid engine to parse XT format files.
## Vulnerability Description
The vulnerabilities exist within the logic used to parse XT format files.
- **CVE-2023-49125:** An out-of-bounds read occurs when the application reads past the end of an allocated structure. This can be triggered by a specially crafted XT file and may lead to information disclosure or Remote Code Execution (RCE).
- **CVE-2024-22043:** A null pointer dereference occurs during the parsing of malicious XT files, typically leading to an application crash and a Denial of Service (DoS) condition.
## Exploitation
- **Status:** Proof of Concept (PoC) available (denoted by "E:P" in the CVSS vector). Not currently reported as exploited in the wild.
- **Complexity:** Low (CVSS v3.1) / High (CVSS v4.0 for CVE-2023-49125 due to technical requirements for RCE).
- **Attack Vector:** Local (Requires a user to open a malicious file).
## Impact
- **Confidentiality:** High (CVE-2023-49125) / None (CVE-2024-22043)
- **Integrity:** High (CVE-2023-49125) / None (CVE-2024-22043)
- **Availability:** High (CVE-2023-49125) / Low (CVE-2024-22043)
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **Parasolid V35.0:** Update to V35.0.263
- **Parasolid V35.1:** Update to V35.1.252
- **Parasolid V36.0:** Update to V36.0.198
### Workarounds
- **Restrict File Sources:** Do not open XT files from untrusted or unknown sources.
- **Defense in Depth:** Apply general industrial security operational guidelines, including restricting network access to critical systems.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (Access Violations) when opening XT files.
- **Detection methods:** Software inventory tools can be used to identify vulnerable versions of the Parasolid binaries (e.g., `pskernel.dll`).
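
The inventory check described above can be scripted against the affected-version list in this report. The following is an added example, not code from Siemens or from the original report; it assumes the inventory tool reports the Parasolid release as a `V35.0.263`-style string (the file version of `pskernel.dll` may use a different scheme), and the host names and versions in `SAMPLE` are constructed.

```python
import re

# Fixed builds per branch and CVE, copied from the affected-versions list above.
FIXED = {
    (35, 0): {"CVE-2023-49125": 263, "CVE-2024-22043": 251},
    (35, 1): {"CVE-2023-49125": 252, "CVE-2024-22043": 170},
    (36, 0): {"CVE-2023-49125": 198},
}
# Assumption: versions look like "V35.0.263" or "35.0.263".
VERSION_RE = re.compile(r"^\s*[Vv]?(\d+)\.(\d+)\.(\d+)\s*$")


def triage(version):
    """Return (status, cves) for one reported Parasolid version string.

    status is "vulnerable", "fixed", "not-listed" (branch absent from the
    report, so nothing can be concluded from it) or "unparseable".
    """
    m = VERSION_RE.match(version or "")
    if not m:
        return "unparseable", []
    major, minor, build = map(int, m.groups())
    branch = FIXED.get((major, minor))
    if branch is None:
        return "not-listed", []
    # A CVE is still open when the build is below that CVE's fixed build.
    open_cves = sorted(cve for cve, fixed in branch.items() if build < fixed)
    return ("vulnerable", open_cves) if open_cves else ("fixed", [])


def triage_inventory(rows):
    """rows: iterable of (host, version) pairs from an inventory export."""
    return {host: triage(version) for host, version in rows}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("cad-ws-01", "V35.0.250"),  # below both V35.0 fixed builds
    ("cad-ws-02", "35.0.255"),   # past the 22043 fix, not the 49125 fix
    ("cad-ws-03", "V35.1.252"),
    ("cad-ws-04", "V36.0.197"),
    ("cad-ws-05", "V36.1.100"),  # branch not covered by this report
    ("cad-ws-06", "unknown"),
]

if __name__ == "__main__":
    for host, (status, cves) in triage_inventory(SAMPLE).items():
        print(f"{host}: {status} {', '.join(cves)}")
```

Hosts reported as `not-listed` or `unparseable` need manual review against the vendor advisory rather than being treated as unaffected.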
## References
- **Vendor Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/pdf/ssa-797296[.]pdf
- **Siemens Support:** hxxps[://]support[.]sw[.]siemens[.]com/en-US/product/258316782/
- **Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security