CVE-2023-24550

7.8 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in Solid Edge allows attackers to execute arbitrary code by tricking users into opening malicious PAR files. This affects Solid Edge SE2022 and SE2023 users who haven't applied security updates. The vulnerability enables remote code execution within the current process context.

💻 Affected Systems

Products:
  • Solid Edge SE2022
  • Solid Edge SE2023
Versions: SE2022: All versions before V222.0MP12, SE2023: All versions before V223.0Update2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in PAR file parsing functionality; exploitation requires user interaction to open malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or malware execution when users open malicious PAR files, potentially leading to credential theft or data exfiltration.

🟢 If Mitigated

Limited impact with proper application whitelisting and user training preventing execution of malicious files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious PAR files; no public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SE2022: V222.0MP12 or later, SE2023: V223.0Update2 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Restart Required: Yes

Instructions:

  1. Download latest Solid Edge updates from Siemens support portal.
  2. Install updates following vendor instructions.
  3. Restart affected systems.
  4. Verify version is patched.

🔧 Temporary Workarounds

Block PAR file extensions (Windows)

Prevent execution of PAR files via group policy or application control

Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: *.PAR = Disallowed

User awareness training (all platforms)

Train users not to open PAR files from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to block Solid Edge execution
  • Network segmentation to isolate Solid Edge workstations

🔍 How to Verify

Check if Vulnerable:

Check Solid Edge version via Help > About Solid Edge

Check Version:

In Solid Edge: Help > About Solid Edge

Verify Fix Applied:

Verify version is SE2022 V222.0MP12+ or SE2023 V223.0Update2+

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs with heap corruption errors
  • Windows Application logs showing Solid Edge crashes

Network Indicators:

  • Unexpected PAR file downloads to engineering workstations
  • Outbound connections from Solid Edge to unknown IPs

SIEM Query:

source="Windows Security" EventID=4688 ProcessName="*SolidEdge*.exe" CommandLine="*.PAR*"
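
The same filter applied to exported process-creation records, as an added example that is not part of the advisory or any vendor tooling. It assumes each event is a dict carrying the Windows 4688 fields `NewProcessName` and `CommandLine`; the sample events, their paths, and the `UNTRUSTED_MARKERS` list are constructed for illustration.

```python
import fnmatch
import ntpath
import shlex

# Image-name pattern from the page's SIEM query, lower-cased for matching.
PROCESS_PATTERN = "*solidedge*.exe"
# Assumed markers of untrusted file locations; adjust for your environment.
UNTRUSTED_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\")

def par_arguments(command_line):
    """Return the arguments of a 4688 CommandLine that name a .par file."""
    try:
        # posix=False keeps backslashes literal and quoted paths in one token.
        args = shlex.split(command_line, posix=False)
    except ValueError:
        # Truncated line with an unclosed quote: fall back to a plain split.
        args = command_line.split()
    cleaned = [a.strip('"') for a in args]
    return [a for a in cleaned if a.lower().endswith(".par")]

def triage(event):
    """Return None (not relevant), 'review' or 'alert' for one event record."""
    if str(event.get("EventID")) != "4688":
        return None
    image = ntpath.basename(event.get("NewProcessName", "")).lower()
    if not fnmatch.fnmatchcase(image, PROCESS_PATTERN):
        return None
    pars = par_arguments(event.get("CommandLine", ""))
    if not pars:
        return None
    risky = [p for p in pars if any(m in p.lower() for m in UNTRUSTED_MARKERS)]
    return "alert" if risky else "review"

# Constructed sample events (paths and user names are made up).
SAMPLE_EVENTS = [
    {"EventID": 4688, "NewProcessName": r"C:\Apps\SolidEdge.exe",
     "CommandLine": r'"C:\Apps\SolidEdge.exe" "C:\Users\eng1\Downloads\Bracket Rev2.PAR"'},
    {"EventID": 4688, "NewProcessName": r"C:\Apps\SolidEdge.exe",
     "CommandLine": r'"C:\Apps\SolidEdge.exe" D:\Projects\housing.par'},
    {"EventID": 4688, "NewProcessName": r"C:\Apps\SolidEdge.exe",
     "CommandLine": r'"C:\Apps\SolidEdge.exe"'},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\eng1\Downloads\notes.par"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "|", ev["CommandLine"])
```

`CommandLine` is only populated in 4688 events when command-line process auditing is enabled, so a filter like this returns nothing on hosts without that policy.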
