CVE-2021-37179

7.8 HIGH

📋 TL;DR

This vulnerability in Solid Edge SE2021 allows attackers to execute arbitrary code by tricking users into opening malicious OBJ files. The use-after-free condition in PSKERNEL.dll can lead to remote code execution. All users of Solid Edge SE2021 versions before SE2021MP7 are affected.

💻 Affected Systems

Products:
  • Solid Edge SE2021
Versions: All versions before SE2021MP7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user to open a malicious OBJ file with Solid Edge. The vulnerability is in the PSKERNEL.dll library used for parsing OBJ files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, allowing attacker to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Targeted attacks against engineering/manufacturing organizations where attackers send malicious OBJ files via email or compromised websites.

🟢 If Mitigated

Limited impact if file execution is restricted, users are trained not to open untrusted files, and proper endpoint protection is in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but OBJ files could be hosted on compromised websites or sent via email.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal file shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. The vulnerability is a use-after-free condition which typically requires some exploit development skill to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SE2021MP7

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf

Restart Required: Yes

Instructions:

1. Download Solid Edge SE2021 Maintenance Pack 7 (SE2021MP7) from Siemens support portal.
2. Close all Solid Edge applications.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Block OBJ file execution

windows

Configure application control or endpoint protection to block execution of OBJ files in Solid Edge.

User training and file restrictions

all

Train users not to open OBJ files from untrusted sources and implement email filtering for OBJ attachments.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of Solid Edge from untrusted locations
  • Use endpoint detection and response (EDR) solutions to monitor for suspicious file parsing activities

🔍 How to Verify

Check if Vulnerable:

Check Solid Edge version in Help > About Solid Edge. If version is earlier than SE2021MP7, the system is vulnerable.

Check Version:

In Solid Edge: Help > About Solid Edge

Verify Fix Applied:

Verify version shows SE2021MP7 or later in Help > About Solid Edge.

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs showing PSKERNEL.dll errors
  • Windows Application logs showing Solid Edge crashes when opening OBJ files

Network Indicators:

  • Unusual outbound connections from Solid Edge process after opening OBJ files

SIEM Query:

process_name:"sedge.exe" AND (event_id:1000 OR event_id:1001) AND module_name:"PSKERNEL.dll"
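
The same check applied offline to exported Windows Application log XML, as an added example that is not part of the original advisory or any vendor tooling. It covers only Event ID 1000 of the two IDs in the query; the sample records, host names and the two field layouts (named `Data` fields, and unnamed positional fields with the module name fourth) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET_MODULE = "pskernel.dll"  # faulting module named on this page

def _event(eid, host, data):
    # Builds one constructed <Event> record for the sample below.
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<Computer>{host}</Computer></System><EventData>{data}</EventData></Event>')

# Constructed sample records (not real telemetry). Host names are made up.
SAMPLE = "<Events>" + "".join([
    # Named fields (assumed layout on newer Windows builds)
    _event(1000, "cad-ws-01", '<Data Name="AppName">sedge.exe</Data>'
           '<Data Name="ModuleName">PSKERNEL.dll</Data><Data Name="ExceptionCode">c0000005</Data>'),
    # Unnamed fields (assumed order: app, version, stamp, module, version, stamp, code)
    _event(1000, "cad-ws-02", "".join(f"<Data>{v}</Data>" for v in
           ["sedge.exe", "0.0.0.0", "0", "pskernel.dll", "0.0.0.0", "0", "c0000005"])),
    # Same application, different faulting module: must not match
    _event(1000, "cad-ws-03", '<Data Name="AppName">sedge.exe</Data>'
           '<Data Name="ModuleName">ntdll.dll</Data><Data Name="ExceptionCode">c0000374</Data>'),
    # Different event ID: ignored by this check
    _event(1002, "cad-ws-04", '<Data Name="ModuleName">PSKERNEL.dll</Data>'),
]) + "</Events>"

def _field(data, name, index):
    """Look a field up by its Name attribute, else by position when no field is named."""
    for d in data:
        if d.get("Name") == name:
            return (d.text or "").strip()
    if data and all(d.get("Name") is None for d in data) and index < len(data):
        return (data[index].text or "").strip()
    return ""

def pskernel_crashes(xml_text):
    """Return Event ID 1000 records whose faulting module is PSKERNEL.dll."""
    hits = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if (ev.findtext("e:System/e:EventID", "", NS) or "").strip() != "1000":
            continue
        data = ev.findall("e:EventData/e:Data", NS)
        if _field(data, "ModuleName", 3).lower() != TARGET_MODULE:
            continue
        hits.append({"host": ev.findtext("e:System/e:Computer", "", NS),
                     "app": _field(data, "AppName", 0),
                     "exception": _field(data, "ExceptionCode", 6)})
    return hits

if __name__ == "__main__":
    for hit in pskernel_crashes(SAMPLE):
        print(hit)
```
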
