Full Report
Solid Edge is affected by a file parsing vulnerability in the Drawings SDK from Open Design Alliance. If a user is tricked into opening a malicious DWG file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code. Siemens has released updates for the affected products and recommends updating to the latest versions.

Note: This advisory covers security vulnerabilities recently disclosed by Open Design Alliance [0].

[0] https://www.opendesign.com/security-advisories
Analysis Summary
# Vulnerability: Use-After-Free in Open Design Alliance Drawings SDK (Solid Edge)
## CVE Details
- **CVE ID:** CVE-2023-26495
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-416 (Use After Free)
## Affected Systems
- **Products:** Siemens Solid Edge SE2023
- **Versions:** All versions prior to V223.0 Update 5
- **Configurations:** Systems utilizing the Open Design Alliance (ODA) Drawings SDK for parsing DWG files.
## Vulnerability Description
The vulnerability exists within the Open Design Alliance (ODA) Drawings SDK (versions prior to 2024.1) used by Solid Edge. The flaw is a **Use-After-Free** issue that occurs during the parsing of specially crafted DWG files. When the application attempts to access memory that has been previously freed, it can lead to memory corruption, resulting in an application crash or potentially the execution of arbitrary code when chained with other vulnerabilities.
## Exploitation
- **Status:** PoC available (CVSS Exploit Code Maturity: "Proof-of-Concept")
- **Complexity:** Low
- **Attack Vector:** Local (Requires user interaction to open a malicious file)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- **Solid Edge SE2023:** Update to **V223.0 Update 5** or later. Patches can be found via the Siemens Support portal: hxxps://support[.]sw[.]siemens[.]com/
### Workarounds
- **File Handling:** Avoid opening untrusted or suspicious DWG files from unknown sources.
- **General Security:** Implement general network protection and follow Siemens' operational guidelines for Industrial Security.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (segmentation faults) when opening specific DWG files.
- **Detection Methods:** Monitor for unusual child processes spawning from Solid Edge or unauthorized memory access attempts. Security teams can use static analysis tools to identify the presence of vulnerable ODA SDK versions in the environment.
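
One way to triage the two signals above (crashes on opening a DWG file, and child processes spawned by Solid Edge), as an added example that is not part of the advisory or any Siemens tooling. It assumes Sysmon Event ID 1 process-creation records already parsed into dicts, that Solid Edge's main executable is `Edge.exe`, and that a `WerFault.exe` child marks a crash; the sample events and paths are constructed.

```python
import ntpath
import re

# Assumptions, not from the advisory: verify both against the local install.
SOLID_EDGE_IMAGES = {"edge.exe"}     # Solid Edge main executable name
CRASH_REPORTERS = {"werfault.exe"}   # Windows Error Reporting child = crash signal
# Quoted path (may contain spaces) or bare token ending in .dwg
DWG_PATH = re.compile(r'"([^"]+\.dwg)"|(\S+\.dwg)', re.IGNORECASE)


def triage(events):
    """Return one finding per process created by Solid Edge.

    kind is "crash" for an error-reporting child, else "unexpected_child";
    dwg is the drawing named on the parent's command line, if any.
    """
    findings = []
    for ev in events:
        if ntpath.basename(ev["ParentImage"]).lower() not in SOLID_EDGE_IMAGES:
            continue
        child = ntpath.basename(ev["Image"]).lower()
        m = DWG_PATH.search(ev.get("ParentCommandLine", ""))
        findings.append({
            "time": ev["UtcTime"],
            "kind": "crash" if child in CRASH_REPORTERS else "unexpected_child",
            "child": child,
            "dwg": (m.group(1) or m.group(2)) if m else None,
        })
    return findings


# Constructed sample records using Sysmon Event ID 1 field names.
SE = r'"C:\Program Files\Siemens\Solid Edge 2023\Program\Edge.exe"'
SAMPLE_EVENTS = [
    {"UtcTime": "2023-06-01 08:14:02", "Image": SE.strip('"'),
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2023-06-01 08:14:09", "Image": r"C:\Windows\System32\WerFault.exe",
     "ParentImage": SE.strip('"'),
     "ParentCommandLine": SE + r' "C:\Users\cad1\Downloads\bracket rev2.dwg"'},
    {"UtcTime": "2023-06-01 09:30:41", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": SE.strip('"'),
     "ParentCommandLine": SE + r" C:\Temp\housing.dwg"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A finding that names a DWG file gives responders the drawing to quarantine and the host to check against the fixed version (V223.0 Update 5 or later).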
## References
- **Siemens Security Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-975766[.]html
- **Open Design Alliance Security Advisories:** hxxps://www[.]opendesign[.]com/security-advisories
- **Siemens Industrial Security:** hxxps://www[.]siemens[.]com/industrialsecurity