Solid Edge SSA-491245: Multiple File Parsing Vulnerabilities in Solid Edge

2023-02-14T13:16:46Z
SE_BETA SE_TSS DOC_MANAGEMENT FLOEFD 3D-SKETCH SIMULATION TECH_PUB ASSEMBLY APPLICATION PART/SHEETMETAL DRAFT SETUP Solid Edge Marketing

Summary


Details

Date: 14-FEB-2023

SOLID_EDGE

SSA-491245: Multiple File Parsing Vulnerabilities in Solid Edge

As outlined in the Siemens Product Certification team's security report SSA-491245, a small vulnerability, resulting from manually derived, malicious manipulation of a file, could be triggered when the application reads files in the X_B, DWG, DXF, STL, STP, SLDPRT, and PAR formats. If a user is tricked into opening a malicious file with the affected application, this could lead to a crash and potentially arbitrary code execution.

Please note: There have been no actual reported customer cases associated with these vulnerabilities.

If the recommended solution/remediation documented in the Siemens Product Certification security report (SSA-491245) is implemented, this vulnerability will be eliminated.

The worst-case outcome in these scenarios is the same as the worst case for any phishing attack: you are vulnerable to ransomware, loss of IP, loss of personal information, or general exposure of data on your system or network.

As always, we encourage customers to provide appropriate network protections, to apply the concept of "defense-in-depth," and not to open files from unknown or untrusted sources.

KB Article ID# PL8698621


Associated Components

SE_BETA