CVE-2023-24581

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Solid Edge CAD software allows attackers to execute arbitrary code by tricking users into opening malicious STP files. This affects Solid Edge SE2022 and SE2023 users who haven't applied security updates. Successful exploitation gives attackers the same privileges as the current user process.

💻 Affected Systems

Products:
  • Solid Edge SE2022
  • Solid Edge SE2023
Versions: Solid Edge SE2022: All versions before V222.0MP12; Solid Edge SE2023: All versions before V223.0Update2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default installations when processing STP (STEP) CAD files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement within networks.

🟠 Likely Case

Local privilege escalation or malware execution when users open malicious STP files from untrusted sources.

🟢 If Mitigated

Limited impact with proper file validation, user awareness, and restricted permissions preventing successful exploitation.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of file format manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Solid Edge SE2022: V222.0MP12 or later; Solid Edge SE2023: V223.0Update2 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Restart Required: Yes

Instructions:

1. Download latest update from Siemens support portal.
2. Close all Solid Edge applications.
3. Run installer with administrative privileges.
4. Restart system after installation completes.

🔧 Temporary Workarounds

Block STP file extensions (Windows)

Prevent Solid Edge from opening STP files via group policy or application restrictions

Use application whitelisting (Windows)

Restrict execution of Solid Edge to trusted directories only

🧯 If You Can't Patch

  • Implement strict file validation policies to block untrusted STP files
  • Train users to avoid opening CAD files from unknown sources and enable macro/script warnings

🔍 How to Verify

Check if Vulnerable:

Check Solid Edge version via Help > About Solid Edge and compare against patched versions

Check Version:

Not applicable - check via GUI in Help > About Solid Edge

Verify Fix Applied:

Confirm version is SE2022 V222.0MP12+ or SE2023 V223.0Update2+ in About dialog

📡 Detection & Monitoring

Log Indicators:

  • Solid Edge crash logs with memory access violations
  • Unexpected process creation from Solid Edge

Network Indicators:

  • Unusual outbound connections from Solid Edge process

SIEM Query:

Process creation where parent_process contains 'sedge' AND (process_name contains 'cmd' OR process_name contains 'powershell')
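
An added example, not part of the original advisory: the query above applied to exported process-creation events in Python. The JSON field names (`parent_image`, `image`, `command_line`), hosts and paths are constructed assumptions, and the `sedge` substring is taken from the query as written. It matches on the executable name rather than the full path, so a directory such as `cmdline` does not trigger a hit.

```python
import json
import ntpath

# Substrings taken from the SIEM query above; confirm the real executable name in your telemetry.
PARENT_MARKERS = ("sedge",)
SHELL_MARKERS = ("cmd", "powershell")

# Constructed sample events; field names and paths are assumptions, not a real log schema.
SAMPLE_EVENTS = r"""
{"host": "cad-ws-01", "parent_image": "C:\\Apps\\CAD\\sedge.exe", "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c dir"}
{"host": "cad-ws-01", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell.exe -NoProfile"}
{"host": "cad-ws-02", "parent_image": "C:\\Apps\\CAD\\sedge.exe", "image": "C:\\Tools\\cmdline\\viewer.exe", "command_line": "viewer.exe part.stp"}
{"host": "cad-ws-02", "parent_image": "C:\\Apps\\CAD\\SEDGE.EXE", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe", "command_line": "PowerShell.exe -NoProfile"}
{"host": "cad-ws-03", "parent_image":
"""


def _name(path):
    """Lower-cased executable name from a Windows path (ntpath works on any OS)."""
    return ntpath.basename(str(path or "")).lower()


def is_suspicious(event):
    """True when the parent matches a CAD marker and the child is a shell."""
    parent = _name(event.get("parent_image"))
    child = _name(event.get("image"))
    return (any(m in parent for m in PARENT_MARKERS)
            and any(m in child for m in SHELL_MARKERS))


def scan(lines):
    """Return (host, child executable, command line) for each matching event."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting the scan
        if isinstance(event, dict) and is_suspicious(event):
            hits.append((event.get("host"), _name(event.get("image")),
                         event.get("command_line")))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS.splitlines()):
        print(hit)
```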
