-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-853037: File Parsing Vulnerabilities in Parasolid

Publication Date:        2022-11-08
Last Update:             2022-11-08
Current Version:         1.0
CVSS v3.1 Base Score:    7.8


SUMMARY
=======

Parasolid is affected by out of bounds read/write vulnerabilities that
could be triggered when the application reads files in X_T format. If
a user is tricked to open a malicious file with the affected
applications, an attacker could leverage the vulnerability to perform
remote code execution in the context of the current process.

Siemens has released updates for the affected products and recommends
to update to the latest versions.


AFFECTED PRODUCTS AND SOLUTION
==============================


* Parasolid V34.0 
  - Affected versions:
       All versions < V34.0.252
  - Remediation:
       Update to V34.0.252 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.sw.siemens.com/

* Parasolid V34.0 
  - Affected versions:
       All versions >= V34.0.252 < V34.0.254
    - Affected by vulnerabilities:
    - CVE-2022-39157
  - Remediation:
       Update to V34.0.254 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.sw.siemens.com/

* Parasolid V34.1 
  - Affected versions:
       All versions < V34.1.242
  - Remediation:
       Update to V34.1.242 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.sw.siemens.com/

* Parasolid V34.1 
  - Affected versions:
       All versions >= V34.1.242 < V34.1.244
    - Affected by vulnerabilities:
    - CVE-2022-39157
  - Remediation:
       Update to V34.1.244 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.sw.siemens.com/

* Parasolid V35.0 
  - Affected versions:
       All versions < V35.0.170
  - Remediation:
       Update to V35.0.170 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.sw.siemens.com/

* Parasolid V35.0 
  - Affected versions:
       All versions >= V35.0.170 <  V35.0.184
    - Affected by vulnerabilities:
    - CVE-2022-39157
  - Remediation:
       Update to V35.0.184 or later version

       See further recommendations from section "Workarounds and Mitigations"
  - Download:
       https://support.sw.siemens.com/


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

  * Do not open untrusted X_T files in Parasolid

Product-specific remediations or mitigations can be found in the section
"Affected Products and Solution".


Please follow the "General Security Recommendations".


GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends
to configure the environment according to Siemens' operational
guidelines for Industrial Security (Download:

https://www.siemens.com/cert/operational-guidelines-industrial-
security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found
at:  https://www.siemens.com/industrialsecurity


PRODUCT DESCRIPTION
===================

Parasolid is a 3D geometric modeling tool that supports various
techniques, including solid modeling, direct editing, and free-form
surface/sheet modeling.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2022-39157

  The affected application contains an out of bounds read past the end
  of an allocated structure while parsing specially crafted X_T files.
  This could allow an attacker to execute code in the context of the
  current process. (ZDI-CAN-17745)

    CVSS v3.1 Base Score: 7.8
    CVSS Vector:          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    CWE:                  CWE-125: Out-of-bounds Read

* Vulnerability CVE-2022-43397

  The affected application contains an out of bounds write past the
  end of an allocated buffer while parsing specially crafted X_T
  files. This could allow an attacker to execute code in the context
  of the current process. (ZDI-CAN-17854)

    CVSS v3.1 Base Score: 7.8
    CVSS Vector:          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
    CWE:                  CWE-787: Out-of-bounds Write




ACKNOWLEDGMENTS
===============

Siemens thanks the following party for its efforts:

   * Trend Micro Zero Day Initiative for coordinated disclosure


ADDITIONAL INFORMATION
======================

For further inquiries on security vulnerabilities in Siemens products and
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2022-11-08): Publication Date

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.

Copyright: Siemens 2022
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHyx/myPwjH9jB9tDlm7gTEmyujQFAmNpnAAACgkQlm7gTEmy
ujSpeg/5Ae3pvL417faBt7mq9AIYb2Y0QoZWTHgZMzDE4+At1eIZzw2NRxBYoyxA
07+J16TeHfw25DKRHYkh0cRMJWiIKqirdtmBPAepu1BgMnI/KbFSqAXpomBxttuM
39mfKvMQlQ9NQSx+OxKZIlW/KK7f8OivtRhJaFou31jmKOB8PV4ESI1Xi0kaXHTZ
NBzwRBjRB3Mizle/nk0UzwpQB5NzULDRSiVVKnJeMvS6FD71BMsBwWYsDUj86M8E
qecWe2e61hJP1DcP72cj6bpMzrd7aimwBsd1ywZfCtd39PtHr4VVSaaY6VweM3na
WwKnhSBbFo9FSJTKB1yBrUWEYqiOnXQ2dpmZkGfoBVHbsdYAf4BU3Xsw9no2BJcp
55sUlD7zCtZ3i7KDp32+UGalizHTxGUhnHkuvbZtUoQK0pIbZCgqMSnTVKtQRYed
olydZpszpc1/rW5oGc1YV1y2AnL9Glx8Yn2JPZfy6A5ZJShF43/pImPveo8BY9CS
EV0Wwj4v4WOMfEyiWgf6+0IWXHEuNnVLshUA9vmh75NOug+U9WoZu+6sinMq2zOX
jcp2eqqXh7WkDDB88vkCZPHg2l5MDELLbJCKoZuccd/gUh9a5iAnbN3oFBm+DOC8
p8wFnnbYoyzE0zgMwkjTiUkCwcSoGspDbCxsx8Go8DOlCjqzlPM=
=mclt
-----END PGP SIGNATURE-----