Multiple Vulnerabilities in Siemens Solid Edge Could Lead to Arbitrary Code Execution

DESCRIPTION:
Multiple vulnerabilities have been discovered in Siemens’ Solid Edge,
the most severe of which could allow for arbitrary code execution in the
context of the system process. Solid Edge is used for designing and
viewing 2D and 3D models. Depending on the privileges associated with
the application, an attacker could view, change, or delete data. If this
application has been configured to have fewer user rights on the system,
exploitation of the most severe of these vulnerabilities could have less
impact than if it was configured with administrative rights.

IMPACT:
Multiple vulnerabilities have been discovered in Siemens’ Solid Edge,
the most severe of which could allow for arbitrary code execution in the
context of the system process. Exploits can be triggered by an
unsuspecting user opening a malicious file with the vulnerable software.

Details of the vulnerabilities are as follows:

* An out-of-bounds write error when parsing ‘PAR’ files due to a failure
to properly validate user input (CVE-2020-28381, CVE-2020-28382,
CVE-2020-28383)
* A stack-based buffer overflow when parsing ‘PAR’ files (CVE-2020-28384
and CVE-2020-26989)
* An out-of-bounds write error when parsing ‘DFT’ files (CVE-2020-28386)

Successful exploitation of the most severe of these vulnerabilities
could allow an attacker to execute arbitrary code in the context of the
system process. Depending on the privileges associated with the application, an
attacker could view, change, or delete data. If this application has
been configured to have fewer user rights on the system, exploitation of
the most severe of these vulnerabilities could have less impact than if
it was configured with administrative rights.

SYSTEM AFFECTED:
* Solid Edge versions prior to 2021MP2

RECOMMENDATIONS:
We recommend the following actions be taken:
* Install the updates provided by Siemens immediately after appropriate
testing.
* Remind users not to visit untrusted websites or follow links provided
by unknown or untrusted sources.
* Inform and educate users regarding the threats posed by hypertext
links contained in emails or attachments, especially from untrusted sources.
* Apply the Principle of Least Privilege to all systems and services;
run all software as a non-privileged user with minimal access rights.

REFERENCES:
https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04
