CVE-2023-24564
📋 TL;DR
A memory corruption vulnerability in Solid Edge CAD software allows attackers to execute arbitrary code by tricking users into opening malicious DWG files. This affects Solid Edge SE2022 and SE2023 users who haven't applied security updates. Successful exploitation gives attackers the same privileges as the current user process.
💻 Affected Systems
- Solid Edge SE2022
- Solid Edge SE2023
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware installation when users open malicious DWG files from untrusted sources.
If Mitigated
Limited impact with proper user training, file validation, and least privilege principles in place.
🎯 Exploit Status
Exploitation requires user interaction to open malicious DWG files. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Solid Edge SE2022: V222.0MP12 or later; Solid Edge SE2023: V223.0Update2 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
Restart Required: Yes
Instructions:
1. Download the latest update from Siemens support portal.
2. Close all Solid Edge instances.
3. Run the update installer with administrative privileges.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Block DWG file extensions
Windows: Prevent Solid Edge from opening DWG files via group policy or application restrictions
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.dwg, Security Level: Disallowed
Use file validation
All platforms: Implement file validation tools to scan DWG files before opening
🧯 If You Can't Patch
- Restrict user privileges to prevent system-wide compromise if exploited
- Implement application whitelisting to block unauthorized code execution
🔍 How to Verify
Check if Vulnerable:
Check the Solid Edge version via Help > About Solid Edge. If the version is below V222.0MP12 (SE2022) or V223.0Update2 (SE2023), the system is vulnerable.
Check Version:
In Solid Edge: Help > About Solid Edge
Verify Fix Applied:
Verify version is V222.0MP12 or higher for SE2022, or V223.0Update2 or higher for SE2023 in Help > About Solid Edge.
📡 Detection & Monitoring
Log Indicators:
- Solid Edge crash logs with memory access violations
- Unexpected process creation from Solid Edge executable
Network Indicators:
- Downloads of DWG files from untrusted sources
- Outbound connections from Solid Edge process to unknown IPs
SIEM Query:
Process Creation: Parent Process contains 'sedge.exe' AND (Command Line contains '.dwg' OR New Process not in approved list)
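The SIEM query above, applied to process-creation events as an added example (not part of the original page or any vendor tooling). It assumes Sysmon Event ID 1 field names, a hypothetical approved-child list, and constructed sample events; it compares the parent's file name exactly, because a substring match on 'sedge.exe' also matches msedge.exe.

```python
import ntpath

PARENT_NAME = "sedge.exe"  # parent image name from the page's SIEM query
# Assumption: hypothetical allow-list of children Solid Edge is expected to
# start; build the real one from a baseline of your own environment.
APPROVED_CHILDREN = {"sedge.exe", "splwow64.exe"}


def name_of(path):
    """File name of a Windows path, lower-cased (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def match_reason(event):
    """Return why a process-creation event matches the query, or None."""
    # Exact file-name match: "contains 'sedge.exe'" would also hit msedge.exe.
    if name_of(event.get("ParentImage")) != PARENT_NAME:
        return None
    reasons = []
    if ".dwg" in event.get("CommandLine", "").lower():
        reasons.append("command line references a .dwg file")
    child = name_of(event.get("Image"))
    if child not in APPROVED_CHILDREN:
        reasons.append(f"child {child} is not on the approved list")
    return "; ".join(reasons) or None


def triage(events):
    """Return (event, reason) pairs for the events that match."""
    return [(e, r) for e in events if (r := match_reason(e))]


# Constructed sample events (Sysmon Event ID 1 field names; paths are made up).
SE = r"C:\Apps\SolidEdge\sedge.exe"
SAMPLE_EVENTS = [
    {"ParentImage": SE, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\Apps\Edge\msedge.exe", "Image": r"C:\Apps\Edge\msedge.exe",
     "CommandLine": "msedge.exe --type=renderer"},
    {"ParentImage": SE, "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 8192"},
    {"ParentImage": SE, "Image": SE,
     "CommandLine": r"sedge.exe C:\Users\a\Downloads\part.dwg"},
]

if __name__ == "__main__":
    for event, reason in triage(SAMPLE_EVENTS):
        print(event["Image"], "->", reason)
```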