Solid Edge ST4 ActiveX Control Vulnerability

October 4, 2013

Solid Edge ST4, developed by SIMENS PLM Software, is a mechanical design system with tools for creating and managing 3D digital prototypes. Through third party applications, Solid Edge has links to many other Product Lifecycle Management (PLM) technologies. Upon installation of the SIEMENS Solid Edge ST4, an ActiveX control named SEListCtrlX is also deployed.

A memory corruption vulnerability exists in SIEMENS Solid Edge ST4; the vulnerability is due to exposure of an unsafe method in the SEListCtrlX ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted webpage using Internet Explorer. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user. Failed attacks could lead to termination of the browser.

SonicWall has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 4778 Siemens Solid Edge ActiveX DeleteItem Method Invocation