Full Report
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM. If a user is tricked into opening a malicious file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code. Siemens has released an update for Solid Edge SE2023 and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple File Parsing Flaws in Siemens Solid Edge
## CVE Details
- **CVE IDs:**
  - **Out-of-bounds Write:** CVE-2023-39181, CVE-2023-39419
  - **Out-of-bounds Read:** CVE-2023-39182, CVE-2023-39183, CVE-2023-39184, CVE-2023-39185, CVE-2023-39186, CVE-2023-39187, CVE-2023-39188
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-787 (Out-of-bounds Write), CWE-125 (Out-of-bounds Read)
## Affected Systems
- **Products:** Siemens Solid Edge SE2023
- **Versions:** All versions prior to V223.0 Update 7
- **Configurations:** Systems where the application is used to open 3D design and simulation files.
## Vulnerability Description
Solid Edge is subject to multiple memory corruption vulnerabilities. These flaws occur when the application incorrectly parses specially crafted files in **DFT, PAR, or PSM** formats. Specifically, the software fails to properly validate the boundaries of allocated buffers or structures, leading to out-of-bounds reads or writes. An attacker can use these flaws to corrupt memory and potentially gain control over the instruction pointer.
## Exploitation
- **Status:** PoC available (indicated by CVSS "E:P", Proof-of-Concept) / Not currently exploited in the wild.
- **Complexity:** Low
- **Attack Vector:** Local (Requires a user to open a malicious file).
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution and data theft).
- **Integrity:** High (Potential for unauthorized modification of data or system files).
- **Availability:** High (Can lead to application crashes and denial of service).
## Remediation
### Patches
- **Solid Edge SE2023:** Update to **V223.0 Update 7** or later.
- Patches can be downloaded via the Siemens Support Center: hxxps://support[.]sw[.]siemens[.]com/
### Workarounds
- **Strict File Handling:** Avoid opening untrusted or unsolicited files (DFT, PAR, PSM) from unknown sources.
- **General Hardening:** Protect network access and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes when opening specific CAD files.
- **Detection Methods:**
  - Monitor for unusual process behavior in `Edge.exe`.
  - Use endpoint detection and response (EDR) tools to identify attempts at memory buffer manipulation or suspicious child process spawning from Solid Edge.
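
The two signals above (an `Edge.exe` crash shortly after a DFT/PAR/PSM file is opened, and an unexpected child process under `Edge.exe`) can be triaged from endpoint logs as in the following added example, which is not part of the Siemens advisory. The event schema, paths, host names, child-process list and 60-second window are assumptions; EventID 1 and 1000 stand in for a process-creation record and an application-crash record.

```python
import json
import ntpath
import re

HOST_IMAGE = "edge.exe"               # process name given in the Detection section
CAD_EXTS = (".dft", ".par", ".psm")   # file formats named in the advisory
# Assumption: programs a CAD application has no routine reason to launch.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                    "cscript.exe", "mshta.exe", "rundll32.exe"}
CRASH_WINDOW = 60                     # assumed: seconds between file open and crash

# Constructed events, one JSON object per line (paths and hosts are made up).
# EventID 1 = process creation, EventID 1000 = application crash.
SAMPLE_LOG = r"""
{"Host":"ws1","Time":100,"EventID":1,"Image":"C:\\SE\\Edge.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"Edge.exe \"C:\\Users\\a\\Downloads\\bracket.par\""}
{"Host":"ws1","Time":112,"EventID":1000,"Application":"Edge.exe"}
{"Host":"ws2","Time":200,"EventID":1,"Image":"C:\\SE\\Edge.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"Edge.exe C:\\work\\plate.psm"}
{"Host":"ws2","Time":205,"EventID":1,"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\SE\\Edge.exe","CommandLine":"cmd.exe"}
{"Host":"ws2","Time":300,"EventID":1,"Image":"C:\\SE\\helper.exe","ParentImage":"C:\\SE\\Edge.exe","CommandLine":"helper.exe"}
"""

def cad_file(cmdline):
    """Return the first DFT/PAR/PSM path on a command line, else None."""
    for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline):
        arg = quoted or bare
        if arg.lower().endswith(CAD_EXTS):
            return arg
    return None

def triage(log_text):
    """Return (host, kind, process, cad_file) alerts for Solid Edge activity."""
    alerts, opened = [], {}           # opened: host -> (time, file) of last Edge.exe start
    for line in filter(str.strip, log_text.splitlines()):
        ev = json.loads(line)
        host, name = ev["Host"], ntpath.basename(ev.get("Image", "")).lower()
        when, path = opened.get(host, (None, None))
        if ev["EventID"] == 1 and name == HOST_IMAGE:
            opened[host] = (ev["Time"], cad_file(ev["CommandLine"]))
        elif (ev["EventID"] == 1 and name in SUSPECT_CHILDREN
              and ntpath.basename(ev["ParentImage"]).lower() == HOST_IMAGE):
            alerts.append((host, "suspicious_child", name, path))
        elif (ev["EventID"] == 1000 and ev["Application"].lower() == HOST_IMAGE
              and when is not None and ev["Time"] - when <= CRASH_WINDOW):
            alerts.append((host, "crash_after_open", HOST_IMAGE, path))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(alert)
```

Each alert carries the CAD file last opened on that host, which is the artifact to quarantine and hand to incident response.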
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-811403[.]html
- **Siemens Industrial Security:** hxxps://www[.]siemens[.]com/industrialsecurity
- **CWE Definitions:** hxxps://cwe[.]mitre[.]org/