CVE-2023-24560
📋 TL;DR
This vulnerability in Solid Edge allows attackers to execute arbitrary code by exploiting an out-of-bounds write when parsing malicious PAR files. Users of Solid Edge SE2022 and SE2023 are affected if they haven't applied the latest patches. The attack requires user interaction to open a specially crafted file.
💻 Affected Systems
- Solid Edge SE2022
- Solid Edge SE2023
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or application crash when a user opens a malicious PAR file, potentially leading to malware installation.
If Mitigated
Application crash without code execution if exploit fails or security controls block the attack.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious PAR file. No public exploits are known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: SE2022: V222.0MP12 or later; SE2023: V223.0Update2 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
Restart Required: Yes
Instructions:
1. Download latest Solid Edge update from Siemens support portal.
2. Run installer with administrative privileges.
3. Restart system after installation completes.
🔧 Temporary Workarounds
Block PAR file extensions
Windows: Prevent Solid Edge from opening PAR files via file association blocking.
reg add "HKLM\SOFTWARE\Classes\.par" /v "Content Type" /t REG_SZ /d "application/octet-stream" /f
reg add "HKLM\SOFTWARE\Classes\SolidEdge.PartDocument\shell\open\command" /ve /t REG_SZ /d "" /f
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized Solid Edge execution
- Educate users to never open PAR files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check the Solid Edge version in Help > About. If the SE2022 version is below V222.0MP12 or the SE2023 version is below V223.0Update2, the system is vulnerable.
Check Version:
wmic product where "name like 'Solid Edge%'" get version
Verify Fix Applied:
Verify Solid Edge version shows V222.0MP12 or higher for SE2022, or V223.0Update2 or higher for SE2023.
📡 Detection & Monitoring
Log Indicators:
- Solid Edge crash logs with memory access violations
- Windows Application Event Logs with Faulting Module: SEECAD.dll
Network Indicators:
- Unusual outbound connections after Solid Edge processes PAR files
SIEM Query:
EventID=1000 AND SourceName='Application Error' AND FaultingModuleName='SEECAD.dll'
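The SIEM condition above applied to exported event records, as an added example that is not part of the original page or the vendor advisory: it parses the rendered Event ID 1000 message, matches the faulting module case-insensitively (an exact-case match would miss `seecad.dll`), and marks access violations (0xC0000005). The record field names (`Computer`, `TimeCreated`, `Message`), the host names and the sample events are assumptions constructed for illustration.

```python
import re

# Fields in the rendered message of a Windows "Application Error" Event ID 1000.
_FIELD = re.compile(
    r"^(Faulting application name|Faulting module name|Exception code):\s*([^,\r\n]+)",
    re.MULTILINE | re.IGNORECASE)
ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION

def parse_crash(message):
    """Extract application, faulting module and exception code from the message."""
    found = {k.lower(): v.strip() for k, v in _FIELD.findall(message)}
    code = found.get("exception code", "")
    return {
        "app": found.get("faulting application name"),
        "module": found.get("faulting module name"),
        "code": int(code, 16) if re.fullmatch(r"0x[0-9a-fA-F]+", code) else None,
    }

def find_seecad_crashes(events, module="SEECAD.dll"):
    """Apply the page's SIEM condition to exported event records (dicts)."""
    hits = []
    for ev in events:
        if ev["EventID"] != 1000 or ev["SourceName"] != "Application Error":
            continue
        crash = parse_crash(ev["Message"])
        # Windows file names are case-insensitive, so compare the module that way.
        if (crash["module"] or "").lower() != module.lower():
            continue
        hits.append({"host": ev["Computer"], "time": ev["TimeCreated"], "app": crash["app"],
                     "access_violation": crash["code"] == ACCESS_VIOLATION})
    return hits

def _event(event_id, host, time, module, code):
    # Constructed sample record; "EXAMPLE_APP.exe" is a placeholder name.
    msg = (f"Faulting application name: EXAMPLE_APP.exe, version: 0.0.0.0\r\n"
           f"Faulting module name: {module}, version: 0.0.0.0\r\n"
           f"Exception code: {code}\r\n")
    return {"EventID": event_id, "SourceName": "Application Error",
            "Computer": host, "TimeCreated": time, "Message": msg}

SAMPLE_EVENTS = [  # constructed for illustration, not real telemetry
    _event(1000, "CAD-WS-01", "2023-03-01T09:14:02Z", "SEECAD.dll", "0xc0000005"),
    _event(1000, "CAD-WS-02", "2023-03-01T09:20:41Z", "seecad.dll", "0xc0000409"),
    _event(1000, "CAD-WS-03", "2023-03-01T10:02:10Z", "ntdll.dll", "0xc0000005"),
    _event(1001, "CAD-WS-04", "2023-03-01T10:05:00Z", "SEECAD.dll", "0xc0000005"),
]

if __name__ == "__main__":
    for hit in find_seecad_crashes(SAMPLE_EVENTS):
        print(hit)
```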