Full Report
Parasolid is affected by out-of-bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked into opening a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: X_T File Parsing Vulnerabilities in Siemens Parasolid
## CVE Details
- **CVE ID:**
  - CVE-2024-26275 (Out-of-bounds Read)
  - CVE-2024-26276 (Stack Exhaustion)
  - CVE-2024-26277 (Null Pointer Dereference)
- **CVSS Score:**
  - CVE-2024-26275: 7.8 (High) - CVSS v3.1 / 7.3 (High) - CVSS v4.0
  - CVE-2024-26276: 3.3 (Low) - CVSS v3.1 / 4.8 (Medium) - CVSS v4.0
  - CVE-2024-26277: 3.3 (Low) - CVSS v3.1 / 4.8 (Medium) - CVSS v4.0
- **CWE:** CWE-125, CWE-770, CWE-476
## Affected Systems
- **Products:** Siemens Parasolid (3D geometric modeling engine)
- **Versions:**
  - Parasolid V35.1: All versions prior to V35.1.254
  - Parasolid V36.0: All versions prior to V36.0.207
  - Parasolid V36.1: All versions prior to V36.1.147
- **Configurations:** Systems running applications that utilize the Parasolid engine to parse X_T (Parasolid XT) format files.
## Vulnerability Description
Multiple flaws exist in the way Parasolid parses specially crafted X_T files:
- **Remote Code Execution (CVE-2024-26275):** An out-of-bounds read occurs past the end of an allocated structure. An attacker can leverage this flaw to execute arbitrary code in the context of the current process.
- **Denial of Service (CVE-2024-26276 & CVE-2024-26277):** These flaws involve stack exhaustion (resource allocation without limits) and null pointer dereferences, respectively. Both can lead to application crashes, resulting in a Denial of Service (DoS) condition.
## Exploitation
- **Status:** PoC available (Note: CVSS "Exploitation" metric 'E:P' indicates Functional Proof-of-Concept exists). No current reports of exploitation in the wild.
- **Complexity:** Low to Medium (Execution depends on user interaction).
- **Attack Vector:** Local (Requires a user to open a malicious file).
## Impact
- **Confidentiality:** High (CVE-2024-26275 can lead to data exposure or code execution).
- **Integrity:** High (Potential for full system compromise via code execution).
- **Availability:** High (Applications may crash or become unresponsive).
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **Parasolid V35.1:** Update to V35.1.254
- **Parasolid V36.0:** Update to V36.0.207
- **Parasolid V36.1:** Update to V36.1.147
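
To triage an asset inventory against the fixed builds listed above, a version check along these lines can be used. This is an added example, not Siemens code; it assumes version strings follow the `V<major>.<minor>.<build>` layout used on this page, and the hostnames and sample versions are constructed.

```python
import re

# Fixed builds per release branch, taken from the advisory text above.
FIXED_BUILD = {(35, 1): 254, (36, 0): 207, (36, 1): 147}

# Assumed version string layout: V<major>.<minor>.<build>, as the page writes it.
_VERSION_RE = re.compile(r"^\s*[Vv]?(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'unlisted-branch' or 'unparseable'."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    fixed = FIXED_BUILD.get((major, minor))
    if fixed is None:
        # The page says nothing about other branches; do not guess either way.
        return "unlisted-branch"
    # Numeric comparison: "V36.1.99" must sort below "V36.1.147".
    return "vulnerable" if build < fixed else "fixed"


def triage(inventory):
    """Group (host, version) pairs that still need action by status."""
    report = {}
    for host, version in inventory:
        status = classify(version)
        if status != "fixed":
            report.setdefault(status, []).append((host, version))
    return report


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("cad-ws-01", "V35.1.253"),
    ("cad-ws-02", "V35.1.254"),
    ("cad-ws-03", "V36.0.207"),
    ("cad-ws-04", "V36.1.99"),
    ("cad-ws-05", "V35.0.180"),
    ("cad-ws-06", "36.1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        for host, version in hosts:
            print(f"{status:16} {host} {version}")
```

Entries reported as `unlisted-branch` or `unparseable` need manual review against the vendor advisory rather than being treated as safe.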
### Workarounds
- **Restrict File Sources:** Do not open X_T files from untrusted or unknown sources.
- **Security Posture:** Follow Siemens' operational guidelines for Industrial Security to protect the IT environment.
## Detection
- **Indicators of compromise:** Unusual application crashes when processing CAD files or unexpected process behavior in the context of the Parasolid engine.
- **Detection methods and tools:** Use endpoint detection and response (EDR) tools to monitor for crashes in modeling software and validate the integrity of X_T files before ingestion.
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-222019[.]html
- **Support Portal:** hxxps://support[.]sw[.]siemens[.]com/en-US/product/258316782/
- **Industrial Security Guidelines:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security