CVE-2024-54091
📋 TL;DR
This vulnerability in Solid Edge allows attackers to execute arbitrary code by exploiting an out-of-bounds write buffer overflow when parsing malicious X_T files. It affects Solid Edge SE2024 and SE2025 users running vulnerable versions. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Solid Edge SE2024
- Solid Edge SE2025
📦 What is this software?
Parasolid by Siemens
Parasolid by Siemens
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the Solid Edge process, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or remote code execution when users open malicious X_T files, leading to malware installation or data exfiltration.
If Mitigated
Limited impact with proper file validation and user education preventing malicious file execution.
🎯 Exploit Status
Exploitation requires user interaction to open malicious X_T files. No public exploits available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Solid Edge SE2024: V224.0 Update 12 or later; Solid Edge SE2025: V225.0 Update 3 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-672923.html
Restart Required: Yes
Instructions:
1. Download the latest update from Siemens support portal. 2. Close all Solid Edge applications. 3. Run the update installer. 4. Restart the system. 5. Verify the update was successful.
🔧 Temporary Workarounds
Block X_T file execution
windowsPrevent Solid Edge from opening X_T files by modifying file associations or using application control policies.
User education and file validation
allTrain users to only open X_T files from trusted sources and implement file validation procedures.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized Solid Edge processes.
- Use network segmentation to isolate Solid Edge workstations from critical systems.
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version in Help > About Solid Edge. If version is below V224.0 Update 12 (SE2024) or V225.0 Update 3 (SE2025), the system is vulnerable.Check Version:
Not applicable - check via Solid Edge GUI Help > About menu.Verify Fix Applied:
Verify the version in Help > About Solid Edge matches or exceeds the patched versions.📡 Detection & Monitoring
Log Indicators:
- Solid Edge crash logs with memory access violations
- Unexpected process creation from Solid Edge
Network Indicators:
- Outbound connections from Solid Edge to unknown IPs
- Unusual file transfers from Solid Edge workstations
SIEM Query:
Process creation where parent process contains 'solidedge' AND (command line contains '.x_t' OR file path contains '.x_t')