Updated: 3-NOV-2022
SOLID_EDGE
SSA-258115: DWG File Parsing Vulnerability in Solid Edge 2022 thru MP8
As outlined in the Siemens Product Certification team's security report SSA-258115, a small vulnerability, resulting from manually derived, malicious file manipulation, could be triggered when the application reads files in the DWG file format. If a user is tricked into opening a malicious file with the affected application, this could lead to a crash and potentially arbitrary code execution.
Please Note: There have been no actual reported customer cases associated with this vulnerability.
If the recommended solution/remediation documented in the Siemens Product Certification security report (SSA-258115) is implemented, this vulnerability will be eliminated.
The worst-case outcome in these scenarios is the same as the worst-case for any phishing attack. You are vulnerable to ransomware, loss of IP, loss of personal information, or general exposure of data on your system or network.
As always, we encourage customers to provide appropriate network protections, to utilize the concept of "defense-in-depth," and not to open files from unknown or untrusted sources.
Hardware/Software Configuration
Product: SOLID_EDGE
Affected Software: Solid Edge 2022 thru MP8