CVE-2023-24558
📋 TL;DR
This vulnerability in Solid Edge allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious PAR files. It affects Solid Edge SE2022 and SE2023 users running vulnerable versions. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Solid Edge SE2022
- Solid Edge SE2023
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker executing arbitrary code in the context of the Solid Edge process, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or remote code execution if a user opens a malicious PAR file, leading to data compromise or malware installation.
If Mitigated
Limited impact if proper application whitelisting and file validation are in place, though some data exposure may still occur.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious PAR file. No public exploits are currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Solid Edge SE2022: V222.0MP12 or later, Solid Edge SE2023: V223.0Update2 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
Restart Required: Yes
Instructions:
1. Download the latest update from Siemens support portal.
2. Close all Solid Edge applications.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Block PAR file execution
Windows: Prevent Solid Edge from opening PAR files via application control or file extension blocking
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.par, Security Level: Disallowed
User awareness training
All platforms: Train users to avoid opening PAR files from untrusted sources
🧯 If You Can't Patch
- Implement application whitelisting to restrict execution of Solid Edge to trusted locations only
- Use email and web gateways to block PAR file attachments and downloads from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version via Help > About Solid Edge. If version is below V222.0MP12 for SE2022 or below V223.0Update2 for SE2023, the system is vulnerable.
Check Version:
In Solid Edge: Help > About Solid Edge
Verify Fix Applied:
After patching, verify version shows V222.0MP12 or higher for SE2022, or V223.0Update2 or higher for SE2023.
📡 Detection & Monitoring
Log Indicators:
- Windows Application logs showing Solid Edge crashes when opening PAR files
- Antivirus alerts for suspicious PAR file activity
Network Indicators:
- Unusual outbound connections from Solid Edge process
- Downloads of PAR files from untrusted sources
SIEM Query:
(EventID=1000 OR EventID=1001) AND ProcessName="sedge*.exe" AND ExceptionCode=0xC0000005
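The following Python sketch is an added example, not part of the advisory or of any vendor tooling. It applies the query's three conditions to constructed crash records and shows why the event-ID alternatives need explicit grouping: operator precedence differs between query languages, and where AND binds tighter than OR the ungrouped form matches every EventID 1000 crash on the network. The field names are taken from the query above; the hosts, the process name `sedge_demo.exe` and the records themselves are assumptions.

```python
from fnmatch import fnmatchcase

CRASH_EVENT_IDS = {1000, 1001}   # Application Error / Windows Error Reporting
PROCESS_PATTERN = "sedge*.exe"   # pattern as written in the page's query
ACCESS_VIOLATION = 0xC0000005

# Constructed sample records (hosts and process names are made up).
SAMPLE_EVENTS = [
    {"EventID": 1000, "ProcessName": "sedge_demo.exe", "ExceptionCode": "0xc0000005", "Host": "cad-ws-01"},
    {"EventID": 1001, "ProcessName": "SEDGE_DEMO.EXE", "ExceptionCode": "0xC0000005", "Host": "cad-ws-02"},
    {"EventID": 1000, "ProcessName": "notepad.exe", "ExceptionCode": "0xc0000005", "Host": "hr-ws-07"},
    {"EventID": 1000, "ProcessName": "sedge_demo.exe", "ExceptionCode": "0xc0000409", "Host": "cad-ws-01"},
    {"EventID": 4624, "ProcessName": "sedge_demo.exe", "ExceptionCode": "0xc0000005", "Host": "cad-ws-03"},
]

def _as_int(value):
    """Accept a number as an int or as a hex/decimal string in any letter case."""
    if isinstance(value, int):
        return value
    try:
        return int(str(value).strip(), 0)
    except ValueError:
        return None

def _is_target_crash(event):
    """Process name matches the pattern and the exception is an access violation."""
    name = str(event.get("ProcessName", "")).lower()
    return (fnmatchcase(name, PROCESS_PATTERN)
            and _as_int(event.get("ExceptionCode")) == ACCESS_VIOLATION)

def matches_grouped(event):
    """(EventID=1000 OR EventID=1001) AND ProcessName AND ExceptionCode."""
    return _as_int(event.get("EventID")) in CRASH_EVENT_IDS and _is_target_crash(event)

def matches_ungrouped(event):
    """EventID=1000 OR (EventID=1001 AND ...): the result when AND binds tighter."""
    eid = _as_int(event.get("EventID"))
    return eid == 1000 or (eid == 1001 and _is_target_crash(event))

def triage(events):
    """Return (hosts to investigate, hosts that only the ungrouped form flags)."""
    hits = [e["Host"] for e in events if matches_grouped(e)]
    noise = [e["Host"] for e in events if matches_ungrouped(e) and not matches_grouped(e)]
    return hits, noise

if __name__ == "__main__":
    hits, noise = triage(SAMPLE_EVENTS)
    print("investigate:", hits)
    print("false positives without grouping:", noise)
```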