CVE-2023-24552
📋 TL;DR
An out-of-bounds read vulnerability in Solid Edge allows attackers to execute arbitrary code by tricking users into opening malicious PAR files. This affects Solid Edge SE2022 and SE2023 users who haven't applied security updates. The vulnerability enables remote code execution within the current process context.
💻 Affected Systems
- Solid Edge SE2022
- Solid Edge SE2023
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via arbitrary code execution with the same privileges as the Solid Edge process, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Attackers deliver malicious PAR files via phishing or compromised websites, leading to malware installation or data exfiltration when users open the files.
If Mitigated
With proper patching and user awareness, impact is limited to isolated incidents with minimal data exposure.
🎯 Exploit Status
Exploitation requires user interaction to open malicious PAR files. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Solid Edge SE2022: V222.0MP12 or later; Solid Edge SE2023: V223.0Update2 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
Restart Required: Yes
Instructions:
1. Download the latest update from Siemens Support Center.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.
4. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Block PAR file extensions
Windows: Prevent Solid Edge from opening PAR files by blocking the file extension at the system or network level.
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.par, Security Level: Disallowed
User awareness training
All platforms: Educate users to avoid opening PAR files from untrusted sources and to verify file integrity before opening.
🧯 If You Can't Patch
- Implement application whitelisting to restrict execution of unauthorized software.
- Use network segmentation to isolate Solid Edge systems from critical assets.
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version via Help > About Solid Edge. If version is below V222.0MP12 for SE2022 or below V223.0Update2 for SE2023, the system is vulnerable.
Check Version:
In Solid Edge: Help > About Solid Edge
Verify Fix Applied:
After patching, verify the version meets or exceeds the patched versions mentioned above.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process crashes of Solid Edge
- Creation of suspicious child processes from sedge.exe
- Multiple failed attempts to open PAR files
Network Indicators:
- Outbound connections from Solid Edge to unknown IP addresses
- Unusual network traffic patterns following PAR file opening
SIEM Query:
Process Creation: ParentImage contains "sedge.exe" AND (CommandLine contains ".par" OR Image contains suspicious executable names)
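The SIEM query above, written out as detection logic over process-creation events. This is an added example, not part of the vendor advisory or the original page; the field names follow the query, while the child-process name list, the stricter basename and `.par` extension matching, and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

PARENT_NAME = "sedge.exe"  # process name as given in the page's query
# Assumption: the page names no "suspicious executables"; tune this set locally.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Match ".par" as a whole extension so ".parquet" or ".part" do not trigger.
PAR_EXT = re.compile(r"\.par(?![a-z0-9])", re.IGNORECASE)


def match_reasons(event):
    """Return why an event matches the query, or [] when it does not."""
    # Compare the basename rather than a substring, so "notsedge.exe" is ignored.
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent != PARENT_NAME:
        return []
    reasons = []
    if PAR_EXT.search(event.get("CommandLine", "")):
        reasons.append("command line references a .par file")
    child = ntpath.basename(event.get("Image", "")).lower()
    if child in SUSPICIOUS_CHILDREN:
        reasons.append(f"suspicious child image {child}")
    return reasons


def flag_events(events):
    """Return (event, reasons) pairs for every matching process-creation event."""
    return [(e, r) for e in events if (r := match_reasons(e))]


# Constructed sample events (not real telemetry); paths are placeholders.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Apps\SE\sedge.exe",
     "CommandLine": r'sedge.exe "C:\Users\a\Downloads\bracket.par"'},
    {"ParentImage": r"C:\Apps\SE\Sedge.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c ver"},
    {"ParentImage": r"C:\Apps\SE\sedge.exe", "Image": r"C:\Temp\helper.exe",
     "CommandLine": r"helper.exe C:\Users\a\Downloads\bracket.par"},
    {"ParentImage": r"C:\Tools\notsedge.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Apps\SE\sedge.exe", "Image": r"C:\Apps\SE\export.exe",
     "CommandLine": r"export.exe C:\data\report.parquet"},
]

if __name__ == "__main__":
    for event, reasons in flag_events(SAMPLE_EVENTS):
        print(event["Image"], "<-", event["ParentImage"], ":", "; ".join(reasons))
```

Opening a PAR file normally (the first sample event) is not flagged, because the rule keys on what Solid Edge spawns, not on Solid Edge itself.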