PatchSiren cyber security CVE debrief
CVE-2024-47941 Siemens CVE debrief
CVE-2024-47941 is a high-severity out-of-bounds read vulnerability in Siemens Solid Edge SE2024, published on November 12, 2024. The flaw occurs when parsing specially crafted PAR (part) files, allowing an attacker to execute arbitrary code within the context of the current process. The vulnerability stems from reading past the end of an allocated structure during PAR file parsing. With a CVSS 3.1 score of 7.8 (HIGH), this local attack vector requires user interaction—specifically, opening a malicious PAR file—but needs no privileges and has low attack complexity. Successful exploitation grants high impact across confidentiality, integrity, and availability. Siemens has released a vendor fix in V224.0 Update 9 or later. CISA recommends defense-in-depth strategies for industrial control systems and cautions against opening untrusted PAR files in affected applications. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- Solid Edge SE2024
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2024-11-12
- Advisory published
- 2024-11-12
- Advisory updated
- 2024-11-12
Who should care
Engineering teams using Siemens Solid Edge for mechanical design, manufacturing organizations with supply chain file exchange workflows, OT security teams protecting CAD/CAM environments, and IT administrators managing engineering workstation deployments
Technical summary
The vulnerability exists in the PAR file parsing component of Siemens Solid Edge SE2024. When processing a malformed PAR file, the application reads beyond the bounds of an allocated memory structure. This out-of-bounds read can be leveraged to achieve code execution in the context of the Solid Edge process. The attack requires local access and user interaction to open the malicious file, but no special privileges are needed. The vulnerability is particularly relevant to engineering and manufacturing environments where PAR files are routinely exchanged between collaborators, suppliers, and contractors, increasing the attack surface through social engineering vectors.
Defensive priority
HIGH
Recommended defensive actions
- Apply Siemens Solid Edge V224.0 Update 9 or later to remediate this vulnerability
- Implement application whitelisting to prevent execution of unauthorized Solid Edge instances
- Train users to avoid opening PAR files from untrusted or unverified sources
- Deploy endpoint detection and response (EDR) solutions with behavioral monitoring for CAD application anomalies
- Segment engineering workstations from operational technology networks per ICS-CERT recommended practices
- Monitor for suspicious PAR file distribution in phishing campaigns targeting engineering personnel
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSA-24-319-05 and Siemens security advisory SSA-351178. CVSS vector confirmed as CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Affected product confirmed as Solid Edge SE2024. Remediation guidance validated against vendor-provided fix information.
Official resources
-
CVE-2024-47941 CVE record
CVE.org
-
CVE-2024-47941 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-12