CVE-2023-49125

Q: How do I fix CVE-2023-49125?

1. Download the latest patches from Siemens support portal. 2. Apply patches to affected systems. 3. Restart applications/services. 4. Verify patch installation.

Q: What is the severity of CVE-2023-49125?

CVE-2023-49125 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code by exploiting an out-of-bounds read in Parasolid and Solid Edge when processing malicious XT files. Affected users include those running vulnerable versions of Siemens Parasolid V35.0, V35.1, V36.0, Solid Edge SE2023, and Solid Edge SE2024. Successful exploitation could lead to complete system compromise.

7.8 HIGH

Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by exploiting an out-of-bounds read in Parasolid and Solid Edge when processing malicious XT files. Affected users include those running vulnerable versions of Siemens Parasolid V35.0, V35.1, V36.0, Solid Edge SE2023, and Solid Edge SE2024. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

Parasolid V35.0
Parasolid V35.1
Parasolid V36.0
Solid Edge SE2023
Solid Edge SE2024

Versions: Parasolid V35.0 < V35.0.263, Parasolid V35.1 < V35.1.252, Parasolid V36.0 < V36.0.198, Solid Edge SE2023 < V223.0 Update 11, Solid Edge SE2024 < V224.0 Update 3

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with default configurations are vulnerable when processing XT files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Application crash (denial of service) or limited code execution within the current process context, potentially leading to data exfiltration.

🟢

If Mitigated

Application crash with no further impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious XT file, but no authentication is needed once the file is processed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Parasolid V35.0.263, V35.1.252, V36.0.198, Solid Edge SE2023 V223.0 Update 11, Solid Edge SE2024 V224.0 Update 3

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-382651.html

Restart Required: Yes

Instructions:

1. Download the latest patches from Siemens support portal. 2. Apply patches to affected systems. 3. Restart applications/services. 4. Verify patch installation.

🔧 Temporary Workarounds

Restrict XT file processing

all

Block or restrict processing of XT files through application settings or system policies.

User awareness training

all

Educate users to avoid opening untrusted XT files from unknown sources.

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of unauthorized code.
Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check installed version against affected version ranges in application about dialog or system information.

Check Version:

Check application Help > About or use system-specific version query commands.

Verify Fix Applied:

Verify version number matches or exceeds patched versions: Parasolid V35.0.263+, V35.1.252+, V36.0.198+, Solid Edge SE2023 V223.0 Update 11+, Solid Edge SE2024 V224.0 Update 3+.

📡 Detection & Monitoring

Log Indicators:

Application crashes when processing XT files
Unexpected process creation from Parasolid/Solid Edge

Network Indicators:

Outbound connections from CAD applications to unexpected destinations

SIEM Query:

Process creation events from parasolid.exe or sldedge.exe followed by suspicious network activity

📊 Metadata

CVE ID: CVE-2023-49125

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: February 13, 2024

Last Updated: November 21, 2024

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-382651.html Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-797296.html Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-382651.html Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-797296.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Parasolid by Siemens

Parasolid by Siemens

Parasolid by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2023 by Siemens

Solid Edge Se2024 by Siemens

Solid Edge Se2024 by Siemens

Solid Edge Se2024 by Siemens

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict XT file processing

User awareness training

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities