Solid Edge Users Beware: Critical Vulnerability Allows Remote Code Execution

CVECVE-2023-39187
CVSScvssV3_1: 7.8
SourceCVE-2023-39187

According to recent reports, a critical vulnerability has been discovered in all versions of Solid Edge SE2023 and earlier that could allow remote code execution.

Solid Edge is a 3D CAD/CAM program developed and sold by Siemens PLM Software. The vulnerability arises due to an out-of-bounds read error when parsing specially crafted DFT files. Attackers could potentially exploit this to execute arbitrary code on systems running a vulnerable version of Solid Edge.

DFT (design for testability) files are used within Solid Edge for testing and simulation purposes. By creating a malicious DFT file, attackers may be able to crash the application or even escalate privileges to take full control of the affected system.

If successful, this could have serious consequences as it would give an attacker complete access to do things like install malware, view/change data, or even maintain persistent remote access for future attacks.

The good news is Siemens has released updates to address this issue. Solid Edge users are strongly recommended to update to the latest version (SE2023 V223.0 Update 7 or later) as soon as possible to protect themselves against any potential attacks. It’s also advisable to exercise caution when opening files from untrusted sources until the update is installed.

Taking proactive steps now like updating your software can help prevent attackers from exploiting this vulnerability and compromising your valuable design data or broader network security. Stay vigilant and keep your Solid Edge installation patched and secure.

References