CVE-2024-54094
📋 TL;DR
A heap-based buffer overflow vulnerability in Solid Edge SE2024 allows attackers to execute arbitrary code by tricking users into opening malicious PAR files. This affects all versions before V224.0 Update 5. Users who open untrusted PAR files are at risk of complete system compromise.
💻 Affected Systems
- Solid Edge SE2024
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with SYSTEM/administrator privileges leading to full system compromise, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Attackers send spear-phishing emails with malicious PAR attachments, tricking users into opening them and gaining code execution on their workstations.
If Mitigated
With proper controls, impact is limited to the Solid Edge process crashing or denial of service for the application.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No public exploit code is available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V224.0 Update 5
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-730188.html
Restart Required: Yes
Instructions:
1. Download Solid Edge SE2024 V224.0 Update 5 from the Siemens support portal.
2. Close all Solid Edge applications.
3. Run the update installer with administrative privileges.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Block PAR file extensions
Windows: Prevent Solid Edge from opening PAR files via group policy or application control.
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.par, Security Level: Disallowed
Disable PAR file association
Windows: Remove the PAR file type association with Solid Edge in Windows.
Open Command Prompt as administrator and run: assoc .par=
Then run: ftype SolidEdge.Part=
🧯 If You Can't Patch
- Implement application whitelisting to block execution of Solid Edge from untrusted locations.
- Deploy email filtering to block PAR attachments and user training to avoid opening untrusted files.
🔍 How to Verify
Check if Vulnerable:
Open Solid Edge, go to Help > About Solid Edge. Check if version is earlier than V224.0 Update 5.
Check Version:
wmic product where "name like 'Solid Edge%'" get version
Verify Fix Applied:
After patching, verify version shows V224.0 Update 5 or later in Help > About Solid Edge.
📡 Detection & Monitoring
Log Indicators:
- Solid Edge crash logs with exception codes like 0xC0000005 (ACCESS_VIOLATION)
- Windows Application logs with Faulting Module: Solid Edge executable
Network Indicators:
- Unusual outbound connections from Solid Edge process
- File downloads of PAR files from untrusted sources
SIEM Query:
source="windows" AND (event_id=1000 OR event_id=1001) AND process_name="*Solid Edge*" AND exception_code="0xC0000005"
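The same triage logic can be run offline over exported Application Error (Event ID 1000) message text. The following is an added example, not part of the original advisory or of any Siemens tooling; the host names, executable name, install path and module names in the sample records are constructed, and matching on "Solid Edge" in the application name or path is an assumption that mirrors the wildcard in the query above.

```python
import re

ACCESS_VIOLATION = 0xC0000005
# Assumption: "Solid Edge" in the application name or path identifies the
# process, mirroring the SIEM wildcard; adjust to your site's install path.
APP_PATTERN = re.compile(r"solid edge", re.IGNORECASE)
FIELD_RE = re.compile(
    r"^(Faulting application name|Faulting module name|"
    r"Faulting application path|Exception code):[ \t]*(.+)$",
    re.MULTILINE,
)

def parse_event(message):
    """Pull the fields of interest out of a rendered Event ID 1000 message."""
    fields = {}
    for key, value in FIELD_RE.findall(message):
        if key.endswith("name"):
            value = value.split(",")[0]  # drop ", version: ..., time stamp: ..."
        fields[key] = value.strip()      # also removes a trailing \r
    return fields

def find_hits(events):
    """Return (host, faulting module) for Solid Edge access-violation crashes."""
    hits = []
    for host, message in events:
        f = parse_event(message)
        try:
            code = int(f.get("Exception code", ""), 16)  # 0xc0000005 or c0000005
        except ValueError:
            continue  # field missing or not hex: not a usable crash record
        app = f.get("Faulting application name", "") + " " + f.get("Faulting application path", "")
        if code == ACCESS_VIOLATION and APP_PATTERN.search(app):
            hits.append((host, f.get("Faulting module name", "unknown")))
    return hits

# Constructed sample records; every value below is illustrative only.
_TEMPLATE = ("Faulting application name: {name}, version: 0.0.0.0, time stamp: 0x00000000\r\n"
             "Faulting module name: {mod}, version: 0.0.0.0, time stamp: 0x00000000\r\n"
             "Exception code: {code}\r\n"
             "Faulting application path: {path}\r\n")
SE = r"C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe"
SAMPLE_EVENTS = [
    ("WS-CAD-01", _TEMPLATE.format(name="Edge.exe", mod="example.dll", code="0xc0000005", path=SE)),
    ("WS-CAD-02", _TEMPLATE.format(name="Edge.exe", mod="example.dll", code="0xc0000409", path=SE)),
    ("WS-OFF-03", _TEMPLATE.format(name="other.exe", mod="ntdll.dll", code="0xc0000005", path=r"C:\Tools\other.exe")),
    ("WS-CAD-04", _TEMPLATE.format(name="Edge.exe", mod="ntdll.dll", code="c0000005", path=SE)),
]
```

Calling `find_hits(SAMPLE_EVENTS)` flags only the two Solid Edge access-violation records; a hit is a lead for reviewing which PAR file the user opened, not proof of exploitation.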