CVE-2023-24554

7.8 HIGH

📋 TL;DR

An out-of-bounds read in Solid Edge's PAR file parser allows attackers to execute arbitrary code. Attackers can craft malicious PAR files that trigger memory corruption when opened by affected Solid Edge versions. Solid Edge SE2022 and SE2023 installations that predate the fixed updates are vulnerable.

💻 Affected Systems

Products:
  • Solid Edge SE2022
  • Solid Edge SE2023
Versions: SE2022: All versions before V222.0MP12, SE2023: All versions before V223.0Update2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the PAR file parsing component; all installations with affected versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Local privilege escalation or arbitrary code execution when a user opens a malicious PAR file, potentially leading to malware installation or data exfiltration.

🟢 If Mitigated: Limited impact with proper application whitelisting and user training preventing execution of untrusted files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email or web downloads.
🏢 Internal Only: HIGH - Internal users frequently exchange engineering files, increasing likelihood of exploitation through social engineering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious PAR files; no public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SE2022: V222.0MP12 or later, SE2023: V223.0Update2 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Restart Required: Yes

Instructions:

1. Download the latest update from Siemens support portal.
2. Close all Solid Edge applications.
3. Run the update installer with administrative privileges.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Block PAR file extensions (Windows)

Prevent execution of PAR files via group policy or application control

Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: *.PAR = Disallowed

Disable PAR file association (Windows)

Remove Solid Edge as default handler for PAR files

reg delete "HKEY_CLASSES_ROOT\.par" /f
assoc .par=

🧯 If You Can't Patch

  • Implement application whitelisting to block untrusted Solid Edge instances
  • Educate users to never open PAR files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Solid Edge version via Help > About Solid Edge; compare against vulnerable versions.

Check Version:

wmic product where "name like 'Solid Edge%'" get version

Verify Fix Applied:

Verify version is SE2022 V222.0MP12+ or SE2023 V223.0Update2+ in Help > About Solid Edge.

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs with memory access violations
  • Windows Application logs with Faulting Module: sgedge*.dll

Network Indicators:

  • Unusual outbound connections from Solid Edge process
  • PAR file downloads from untrusted sources

SIEM Query:

source="windows" AND (event_id=1000 OR event_id=1001) AND process_name="sedge.exe" AND faulting_module="sgedge*.dll"
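
The log indicators above applied to raw event text, as an added example (not part of the original page or any vendor tooling): it parses Windows Application Error (event ID 1000) messages and flags crashes of the process and module named in the SIEM query, ranking access violations (0xC0000005) highest. The sample events, host names and the module name `SGEDGE_demo.dll` are constructed; event 1001 records use a different layout and are skipped here.

```python
import re
from fnmatch import fnmatch

# Process and module names are the ones given in the page's SIEM query.
PROCESS_NAME = "sedge.exe"
MODULE_GLOB = "sgedge*.dll"
ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION
# Fields of the Application Error (event ID 1000) message body.
FIELD_RE = re.compile(
    r"(?s)Faulting application name:\s*(?P<app>[^,\r\n]+)"
    r".*?Faulting module name:\s*(?P<module>[^,\r\n]+)"
    r".*?Exception code:\s*0x(?P<code>[0-9a-fA-F]+)")

def parse_crash(message):
    """Return lower-cased (app, module) plus the exception code, or None."""
    m = FIELD_RE.search(message)
    if not m:
        return None
    return m["app"].strip().lower(), m["module"].strip().lower(), int(m["code"], 16)

def triage(events):
    """Return (host, severity, module) for crashes matching the page's indicators."""
    hits = []
    for ev in events:
        parsed = parse_crash(ev["message"]) if ev["event_id"] == 1000 else None
        if parsed is None:
            continue  # not event 1000, or message not in the expected layout
        app, module, code = parsed
        if app != PROCESS_NAME or not fnmatch(module, MODULE_GLOB):
            continue
        # An access violation inside the matching module is the stronger signal.
        severity = "high" if code == ACCESS_VIOLATION else "review"
        hits.append((ev["host"], severity, module))
    return hits

# Constructed sample records, not real telemetry; the module name is made up.
MSG = ("Faulting application name: {}, version: 0.0.0.0, time stamp: 0x0\n"
       "Faulting module name: {}, version: 0.0.0.0, time stamp: 0x0\n"
       "Exception code: {}\n")
SAMPLE_EVENTS = [
    {"host": h, "event_id": 1000, "message": MSG.format(app, mod, code)}
    for h, app, mod, code in [
        ("cad-ws-01", "sedge.exe", "SGEDGE_demo.dll", "0xc0000005"),
        ("cad-ws-02", "sedge.exe", "ntdll.dll", "0xc0000005"),
        ("cad-ws-03", "SEDGE.EXE", "sgedge_demo.dll", "0xc0000409"),
    ]
]
if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The second sample record crashes in `ntdll.dll` and is dropped, which mirrors the module filter in the query: widen `MODULE_GLOB` if you want every Solid Edge crash surfaced for review.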
