Multiple File Parsing Vulnerabilities in Solid Edge - SSA-491245 (CAD Software)

[Daenni 0]

Hi at all,

there is a new Security Advisory behind this link.

Copied Text:
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as X_B, DWG, DXF, STL, STP, SLDPRT and PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to crash the application, extract data or potentially lead to arbitrary code execution.

It is possible to detect this malicious files with ESET AV or ESET Cloud LiveGrid?

[Marcos 5,074]

You are probably referring to CVE-2023-24553. Since I could not find any detection name with that CVE number, I assume that we have not seen actual malware or PoC exploiting the vulnerability yet.

[itman 1,659]

Refer to this Siemens publication for mitigations to this current and past Solid Edge vulnerabilities: https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf .