CVE-2023-45601 – This vulnerability allows remote code execution... (How to Fix)

Q: How do I fix CVE-2023-45601?

1. Download latest version from Siemens support portal. 2. Backup current installation. 3. Install update following vendor instructions. 4. Restart affected systems. 5. Verify successful update.

Q: What is the severity of CVE-2023-45601?

CVE-2023-45601 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote code execution through stack overflow when parsing malicious IGS files in Siemens Parasolid and Tecnomatix Plant Simulation software. Attackers can execute arbitrary code with the privileges of the current process. Organizations using affected versions of these CAD/CAM and simulation tools are at risk.

📋 TL;DR

This vulnerability allows remote code execution through stack overflow when parsing malicious IGS files in Siemens Parasolid and Tecnomatix Plant Simulation software. Attackers can execute arbitrary code with the privileges of the current process. Organizations using affected versions of these CAD/CAM and simulation tools are at risk.

💻 Affected Systems

Products:

Parasolid
Tecnomatix Plant Simulation

Versions: Parasolid V35.0 (< V35.0.262), V35.1 (< V35.1.250), V36.0 (< V36.0.169); Tecnomatix Plant Simulation V2201 (< V2201.0009), V2302 (< V2302.0003)

Operating Systems: Windows, Linux, macOS (where supported)

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with affected versions are vulnerable when processing IGS files. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary code, install malware, exfiltrate data, or pivot to other systems.

🟠

Likely Case

Local privilege escalation or remote code execution leading to data theft, system disruption, or ransomware deployment.

🟢

If Mitigated

Limited impact due to network segmentation, file type restrictions, and least privilege principles preventing successful exploitation.

🌐 Internet-Facing: MEDIUM - While exploitation requires file parsing, internet-facing systems accepting IGS files could be targeted.

🏢 Internal Only: HIGH - Internal users could be tricked into opening malicious IGS files, leading to lateral movement within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious IGS file. No authentication needed for file parsing functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Parasolid V35.0.262, V35.1.250, V36.0.169; Tecnomatix Plant Simulation V2201.0009, V2302.0003

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf

Restart Required: Yes

Instructions:

1. Download latest version from Siemens support portal. 2. Backup current installation. 3. Install update following vendor instructions. 4. Restart affected systems. 5. Verify successful update.

🔧 Temporary Workarounds

Restrict IGS file processing

all

Block or restrict processing of IGS files through application settings or group policies.

Implement file validation

all

Use external tools to validate IGS files before processing in vulnerable applications.

🧯 If You Can't Patch

Implement network segmentation to isolate affected systems
Apply strict file type restrictions and user education about IGS file risks

🔍 How to Verify

Check if Vulnerable:

Check application version against affected versions list. Review if IGS file processing is enabled.

Check Version:

Application-specific: Check 'About' dialog or use vendor-provided version checking tools.

Verify Fix Applied:

Verify installed version matches or exceeds patched versions listed in vendor advisory.

📡 Detection & Monitoring

Log Indicators:

Application crashes when processing IGS files
Unusual process creation from CAD applications
Large stack overflow errors in application logs

Network Indicators:

Unexpected outbound connections from CAD workstations
File transfers containing IGS files to untrusted sources

SIEM Query:

Process creation where parent process contains 'parasolid' or 'plant simulation' AND command line contains '.igs'

📊 Metadata

CVE ID: CVE-2023-45601

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: October 10, 2023

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf Patch,Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-524778.pdf Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45601, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Parasolid by Siemens

Parasolid by Siemens

Parasolid by Siemens

Tecnomatix by Siemens

Tecnomatix by Siemens

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict IGS file processing

Implement file validation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities