CVE-2023-24556
📋 TL;DR
This vulnerability allows remote code execution through specially crafted PAR files in Solid Edge CAD software. Attackers can exploit an out-of-bounds read vulnerability to execute arbitrary code in the context of the current process. Users of Solid Edge SE2022 and SE2023 are affected.
💻 Affected Systems
- Solid Edge SE2022
- Solid Edge SE2023
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the Solid Edge process, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or arbitrary code execution when a user opens a malicious PAR file, potentially leading to data exfiltration or malware installation.
If Mitigated
Limited impact if proper application sandboxing and least privilege principles are implemented, though file parsing vulnerabilities remain dangerous.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious PAR file. The vulnerability is in file parsing logic, making reliable exploitation non-trivial but feasible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V222.0MP12 for SE2022, V223.0Update2 for SE2023
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
Restart Required: Yes
Instructions:
1. Download the latest update from Siemens Solid Edge support portal.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.
4. Verify the version matches the patched version.
🔧 Temporary Workarounds
Block PAR file extensions
Windows: Prevent execution of PAR files via group policy or application control
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: *.par = Disallowed
User awareness training
All platforms: Educate users to only open PAR files from trusted sources
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized Solid Edge execution
- Run Solid Edge with reduced privileges using application sandboxing or restricted user accounts
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version via Help > About Solid Edge. If version is below V222.0MP12 (SE2022) or V223.0Update2 (SE2023), the system is vulnerable.
Check Version:
In Solid Edge: Help > About Solid Edge, or check registry: HKEY_LOCAL_MACHINE\SOFTWARE\Siemens\Solid Edge
Verify Fix Applied:
Verify the version matches or exceeds the patched versions. Test with known safe PAR files to ensure normal functionality.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Solid Edge when opening PAR files
- Unexpected process creation from sedge.exe
- File access to suspicious PAR files from network locations
Network Indicators:
- Downloads of PAR files from untrusted sources
- Unusual outbound connections from Solid Edge process
SIEM Query:
Process Creation: ParentImage="*\sedge.exe" AND (CommandLine CONTAINS "*.par" OR Image="*\cmd.exe" OR Image="*\powershell.exe")
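
The query above expressed as a filter over process-creation events, as an added example that is not part of the original advisory. It assumes Sysmon Event ID 1 style field names (ParentImage, Image, CommandLine), uses constructed sample events and paths, and tightens the `.par` test so that it matches only at the end of an argument.

```python
import ntpath
import re

SHELLS = {"cmd.exe", "powershell.exe"}  # shell images named in the page's query
# Assumption: match ".par" only where an argument ends, so "params.parquet"
# does not trigger the rule the way a plain substring test would.
PAR_ARG = re.compile(r"\.par(?=$|[\s\"'])", re.IGNORECASE)

def basename(path):
    """File name of a Windows path, lower-cased (Windows paths ignore case)."""
    return ntpath.basename(path.strip('"')).lower()

def match(event):
    """Return why the event matches the query, or None if it does not."""
    if basename(event.get("ParentImage", "")) != "sedge.exe":
        return None
    if basename(event.get("Image", "")) in SHELLS:
        return "shell spawned by sedge.exe"
    if PAR_ARG.search(event.get("CommandLine", "")):
        return "child of sedge.exe with a .par argument"
    return None

def scan(events):
    """List (Image, reason) for every matching event."""
    return [(e["Image"], reason) for e in events if (reason := match(e))]

SEDGE = r"C:\Apps\SolidEdge\sedge.exe"  # constructed install path
# Constructed sample events, not taken from a real system.
SAMPLE_EVENTS = [
    {"ParentImage": SEDGE, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Apps\SolidEdge\SEDGE.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe",
     "CommandLine": "PowerShell.exe -NoProfile"},
    {"ParentImage": SEDGE, "Image": r"C:\Apps\SolidEdge\helper.exe",
     "CommandLine": r'"C:\Apps\SolidEdge\helper.exe" "\\fileserver\share\bracket.par"'},
    # The user opening a PAR file: sedge.exe is the child here, so no match.
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": SEDGE,
     "CommandLine": r'"C:\Apps\SolidEdge\sedge.exe" "C:\parts\bracket.par"'},
    # ".par" inside a longer extension must not match.
    {"ParentImage": SEDGE, "Image": r"C:\Apps\SolidEdge\helper.exe",
     "CommandLine": r"helper.exe C:\data\params.parquet"},
]

if __name__ == "__main__":
    for image, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {reason}: {image}")
```

The fourth sample event shows that this query does not record the PAR file being opened by sedge.exe itself, only what sedge.exe launches afterwards.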