CVE-2021-31342

8.8 HIGH

📋 TL;DR

This vulnerability in Solid Edge's ugeom2d.dll library allows attackers to execute arbitrary code by exploiting improper validation in DFT file parsing. It affects all versions of Solid Edge SE2020 before 2020MP14 and SE2021 before SE2021MP5. Users who open malicious DFT files are at risk of complete system compromise.

💻 Affected Systems

Products:
  • Solid Edge SE2020
  • Solid Edge SE2021
Versions: Solid Edge SE2020: all versions before 2020MP14; Solid Edge SE2021: all versions before SE2021MP5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version ranges are vulnerable when processing DFT files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover with attacker executing code as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Local privilege escalation or remote code execution when users open specially crafted DFT files, resulting in malware installation or data exfiltration.

🟢 If Mitigated: Limited impact with proper file validation and user awareness preventing malicious DFT files from being processed.

🌐 Internet-Facing: LOW - This requires user interaction to open malicious files, not directly exploitable over network without user action.
🏢 Internal Only: HIGH - Internal users opening malicious DFT files (via email, shared drives, etc.) can lead to widespread compromise within the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious DFT file. The vulnerability is well-documented and likely being exploited in targeted attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Solid Edge SE2020: 2020MP14 or later; Solid Edge SE2021: SE2021MP5 or later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-09

Restart Required: Yes

Instructions:

1. Download the latest Solid Edge update from the Siemens support portal.
2. Close all Solid Edge applications.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Block DFT file extensions (Windows)

Prevent processing of DFT files at the system or network level.

Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.dft, Security Level: Disallowed

User awareness training (all platforms)

Educate users not to open DFT files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Solid Edge execution
  • Use email filtering to block DFT attachments and network monitoring for DFT file transfers

🔍 How to Verify

Check if Vulnerable:

Check Solid Edge version: Open Solid Edge > Help > About Solid Edge. If version is SE2020 before 2020MP14 or SE2021 before SE2021MP5, system is vulnerable.

Check Version:

In Solid Edge: Help > About Solid Edge displays version information

Verify Fix Applied:

Verify version is SE2020 2020MP14+ or SE2021 SE2021MP5+ in Help > About Solid Edge. Test with known safe DFT files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs with ugeom2d.dll errors
  • Windows Application logs showing Solid Edge crashes during DFT file processing
  • Unexpected Solid Edge process spawning child processes

Network Indicators:

  • Unusual outbound connections from Solid Edge process
  • DFT file downloads from untrusted sources

SIEM Query:

EventID=1000 AND Source="Application Error" AND ProcessName="edge.exe" AND FaultModuleName="ugeom2d.dll"
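
A local PowerShell equivalent of the SIEM query above, for triaging a single workstation. This is an added example, not part of the original advisory or any vendor tooling. It assumes the standard layout of Application Error event 1000, where the faulting application name, application version, faulting module name and exception code are properties 0, 1, 3 and 6; the process and module names are the ones given on this page.

```powershell
# Added example: find Solid Edge crashes attributed to ugeom2d.dll in the
# local Application log (Event ID 1000, provider "Application Error").
param(
    [int]$Days = 30,                        # how far back to search
    [string]$ProcessName = 'edge.exe',      # process name from the SIEM query
    [string]$FaultModule = 'ugeom2d.dll'    # library named in the advisory
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# -ErrorAction SilentlyContinue suppresses the "no events found" error so a
# clean host simply returns nothing.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        # Assumed property layout for event 1000:
        # [0] application name, [1] application version,
        # [3] faulting module name, [6] exception code.
        $_.Properties.Count -gt 6 -and
        $_.Properties[0].Value -ieq $ProcessName -and
        $_.Properties[3].Value -ieq $FaultModule
    } |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated   = $_.TimeCreated
            Computer      = $_.MachineName
            AppVersion    = $_.Properties[1].Value
            FaultModule   = $_.Properties[3].Value
            ExceptionCode = $_.Properties[6].Value
        }
    } |
    Sort-Object TimeCreated
```

Each hit is worth correlating with the DFT file the user had open at that time and with any child processes started by Solid Edge around the same timestamp.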
