CVE-2021-25678

7.8 HIGH

📋 TL;DR

This vulnerability in Solid Edge CAD software allows attackers to execute arbitrary code by exploiting improper validation of PAR files. It affects Solid Edge SE2020 and SE2021 versions before specific maintenance packs. Attackers can leverage this to run malicious code within the current process context.

💻 Affected Systems

Products:
  • Solid Edge SE2020
  • Solid Edge SE2021
Versions: SE2020 versions before SE2020MP13/SE2020MP14, SE2021 versions before SE2021MP4
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious PAR files. All default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within networks.

🟠 Likely Case

Local privilege escalation or code execution when a user opens a malicious PAR file, potentially compromising the workstation.

🟢 If Mitigated

Limited impact with proper application whitelisting, file validation, and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious PAR files. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SE2020MP13/SE2020MP14 for SE2020, SE2021MP4 for SE2021

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf

Restart Required: Yes

Instructions:

1. Download the appropriate maintenance pack from the Siemens support portal.
2. Close all Solid Edge applications.
3. Run the maintenance pack installer.
4. Restart the system.

🔧 Temporary Workarounds

Block PAR file execution

windows

Use application control or group policy to block execution of PAR files in Solid Edge.

User awareness training

all

Train users not to open PAR files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Solid Edge execution
  • Use network segmentation to isolate Solid Edge workstations from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the Solid Edge version in Help > About. If the version is SE2020 before MP13/MP14 or SE2021 before MP4, the system is vulnerable.

Check Version:

Not applicable - check via Solid Edge GUI Help > About

Verify Fix Applied:

Verify that the version shown in Help > About is SE2020MP13/MP14 or SE2021MP4 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs with memory access violations
  • Windows Event Logs showing unexpected Solid Edge process termination

Network Indicators:

  • Unusual outbound connections from Solid Edge process

SIEM Query:

Process creation where parent process is Solid Edge and command line contains .par file extension
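
One way to express the SIEM logic above as a filter over process-creation events; this is an added example, not code from the advisory or the vendor. It assumes Sysmon Event ID 1 field names and that the Solid Edge process image is `Edge.exe` (an assumption to confirm on your own installation); the sample events and paths are constructed.

```python
import re
from ntpath import basename  # Windows path handling on any platform

# Assumption: image name of the Solid Edge main process; confirm locally.
SOLID_EDGE_IMAGES = {"edge.exe"}

# ".par" must end a path token, so ".part" or ".parquet" do not match
# the way a plain "contains .par" substring test would.
PAR_REF = re.compile(r'\.par(?=["\s]|$)', re.IGNORECASE)


def match_event(event):
    """Return the reason a process-creation event matches, or None."""
    parent = basename(event.get("ParentImage", "")).lower()
    if parent not in SOLID_EDGE_IMAGES:
        return None
    child = basename(event.get("Image", "")) or "?"
    # Check the child's command line and the parent's (the opened file).
    for field in ("CommandLine", "ParentCommandLine"):
        if PAR_REF.search(event.get(field, "")):
            return f"{parent} spawned {child}; .par in {field}"
    return None


def scan(events):
    """Return (index, reason) for every matching event."""
    return [(i, r) for i, e in enumerate(events) if (r := match_event(e))]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Apps\SolidEdge\Edge.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r'"C:\Apps\SolidEdge\Edge.exe" "C:\Users\a\Downloads\bracket.par"',
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Apps\SolidEdge\Edge.exe", "Image": r"C:\Apps\tool.exe",
     "ParentCommandLine": r"C:\Apps\SolidEdge\Edge.exe",
     "CommandLine": r"tool.exe C:\tmp\notes.part"},      # ".part": no match
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Apps\SolidEdge\Edge.exe",
     "ParentCommandLine": "explorer.exe",
     "CommandLine": r'Edge.exe "C:\cad\gear.par"'},      # normal user open: no match
    {"ParentImage": r"C:\Apps\SolidEdge\Edge.exe", "Image": r"C:\Apps\helper.exe",
     "ParentCommandLine": r"C:\Apps\SolidEdge\Edge.exe",
     "CommandLine": r"helper.exe C:\tmp\MODEL.PAR"},     # case-insensitive match
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(index, reason)
```

Legitimate child processes of Solid Edge will also match, so treat hits as leads to review alongside the crash and termination indicators listed above.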
