CVE-2020-28382

7.8 HIGH

📋 TL;DR

This vulnerability in Solid Edge allows attackers to execute arbitrary code by exploiting improper validation of PAR files. Users of Solid Edge SE2020 before MP12 and SE2021 before MP2 are affected when opening malicious PAR files.

💻 Affected Systems

Products:
  • Solid Edge SE2020
  • Solid Edge SE2021
Versions: Solid Edge SE2020 (All versions before SE2020MP12), Solid Edge SE2021 (All versions before SE2021MP2)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing PAR files, which are Solid Edge part files. All default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution with the privileges of the Solid Edge process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local user or attacker with file access executes malicious code through crafted PAR files, compromising the workstation and potentially spreading through shared files.

🟢 If Mitigated

Limited impact with proper network segmentation, application whitelisting, and user training preventing execution of malicious files.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious PAR file. Multiple ZDI advisories suggest active research interest.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Solid Edge SE2020MP12 or later, Solid Edge SE2021MP2 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf

Restart Required: Yes

Instructions:

1. Download the latest Solid Edge maintenance pack from the Siemens support portal.
2. Close all Solid Edge applications.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Block PAR file execution

Platform: Windows

Use application control or group policy to block execution of PAR files or restrict Solid Edge from opening untrusted files.

User training and file validation

Platform: All

Train users to only open PAR files from trusted sources and implement file validation procedures.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Solid Edge execution
  • Restrict user permissions and implement least privilege access controls

🔍 How to Verify

Check if Vulnerable:

Check the Solid Edge version in Help > About. If the version is SE2020 before MP12 or SE2021 before MP2, the system is vulnerable.

Check Version:

Open Solid Edge, navigate to Help > About Solid Edge

Verify Fix Applied:

Verify version shows SE2020MP12 or later, or SE2021MP2 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs with memory access violations
  • Unexpected PAR file processing from untrusted sources

Network Indicators:

  • Unusual outbound connections from Solid Edge process
  • File transfers of PAR files from external sources

SIEM Query:

Process: 'sedge.exe' AND (EventID: 1000 OR EventID: 1001) AND Description: 'access violation'
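The query above, applied to exported Application log records, as an added example that is not part of the original advisory. The process name and event IDs come from the query; the sample records are constructed, and it is an assumption that an access violation appears either as the exception code 0xc0000005 (STATUS_ACCESS_VIOLATION) or as the literal phrase.

```python
import re
from collections import Counter

# Process name and event IDs are taken from the SIEM query on this page.
PROCESS = "sedge.exe"
CRASH_EVENT_IDS = {1000, 1001}
# Assumption: an access violation is logged as exception code 0xc0000005
# (STATUS_ACCESS_VIOLATION) or as the literal phrase "access violation".
AV_PATTERN = re.compile(r"(?:0x)?c0000005|access violation", re.IGNORECASE)

# Constructed sample records, shaped like a JSON export of the Application log.
SAMPLE_EVENTS = [
    {"Host": "cad-ws-01", "EventID": 1000, "Time": "2021-01-12T09:14:03",
     "Message": "Faulting application name: sedge.exe, version: 0.0.0.0\n"
                "Exception code: 0xc0000005\nFault offset: 0x0000000000001234"},
    {"Host": "cad-ws-01", "EventID": 1001, "Time": "2021-01-12T09:14:05",
     "Message": "Event Name: APPCRASH\nP1: SEdge.exe\nP7: c0000005"},
    {"Host": "cad-ws-02", "EventID": 1000, "Time": "2021-01-12T10:02:41",
     "Message": "Faulting application name: sedge.exe, version: 0.0.0.0\n"
                "Exception code: 0xc0000409"},  # not an access violation
    {"Host": "cad-ws-03", "EventID": 1000, "Time": "2021-01-12T11:30:00",
     "Message": "Faulting application name: notepad.exe, version: 0.0.0.0\n"
                "Exception code: 0xc0000005"},  # different process
    {"Host": "cad-ws-01", "EventID": 4624, "Time": "2021-01-12T09:00:00",
     "Message": "An account was successfully logged on. sedge.exe c0000005"},
]

def is_solid_edge_access_violation(event, process=PROCESS):
    """True when the record matches all three clauses of the page's query."""
    if event.get("EventID") not in CRASH_EVENT_IDS:
        return False
    message = event.get("Message", "")
    # Compare whole executable names so "xsedge.exe" does not match.
    names = re.findall(r"[\w.-]+\.exe", message, re.IGNORECASE)
    if process.lower() not in (n.lower() for n in names):
        return False
    return bool(AV_PATTERN.search(message))

def crashes_per_host(events):
    """Count matching crash records per host for triage."""
    return Counter(e["Host"] for e in events if is_solid_edge_access_violation(e))

if __name__ == "__main__":
    for host, count in crashes_per_host(SAMPLE_EVENTS).most_common():
        print(f"{host}: {count} Solid Edge access-violation crash record(s)")
```

A host that shows repeated matches shortly after receiving PAR files from an external source is the one to triage first.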
