This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Siemens published a consumer notice on Tuesday 25th of May concerning several serious vulnerabilities impacting its Solid Edge product. The faults are generated using the software of the fourth party, which many other organizations often use.
“The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion, which may not contain the latest security fixes provided by Luxion. Siemens recommends updating KeyShot according to the information in the Luxion Security Advisory LSA-394129,” read the advisory released by Siemens.
Security researcher Andrea Micalizzi, who has detected numerous flaws in industrial systems in recent years, also discovered the problems in Siemens Solid Edge last year. The vulnerability problems have been reported by the Zero Day Initiative (ZDI) of Trend Micro and the US Cybersecurity and Infrastructure Security Agency (CISA).
Solid Edge is a software for solid modeling in 3D CAD, parametric and synchronous technology. It operates on Microsoft Windows and offers mechanical engineers solid modeling, assembly modeling, and 2D orthographic viewing functions.
Micalizzi found that five vulnerabilities harm the product, comprising four serious memory corruption flaws which allow remote code implementation and one medium-sized XXE problem that could provide for the exposure of information. The vulnerabilities can indeed be triggered through the processing of malicious CATPart, 3DXML, STP, PRT, or JT files by the potential customer.
Solid Edge: Solid Modeling Software Affected by Vulnerabilities