CVE-2024-41908 Siemens CVE debrief

Who should care

Organizations using Siemens NX for computer-aided design and manufacturing, particularly in industrial and critical infrastructure sectors. Security teams responsible for CAD/CAM/CAE software deployments, engineering workstation security, and industrial control system environments should prioritize this vulnerability.

Technical summary

The vulnerability stems from improper bounds checking during parsing of PRT (part) files in Siemens NX. Specially crafted PRT files can trigger an out-of-bounds read condition, which may result in application denial of service through crashes or, under certain conditions, arbitrary code execution within the security context of the running process. The attack requires local access and user interaction to open a malicious file. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates local attack vector, low attack complexity, no privileges required, user interaction required, and high impacts across confidentiality, integrity, and availability.

Defensive priority

HIGH

Recommended defensive actions

• Update Siemens NX to version V2406.3000 or later to address the out-of-bounds read vulnerability
• Implement policies to prevent users from opening untrusted PRT files from unknown or unverified sources
• Consider application sandboxing or privilege restrictions for Siemens NX processes where feasible
• Monitor for anomalous application crashes in Siemens NX that may indicate exploitation attempts
• Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-24-228-09 and Siemens security advisory SSA-357412. Affected product confirmed as Siemens NX. Vendor fix available in V2406.3000 or later.

Official resources