Fortinet Researcher Discover Vulnerabilities in Siemens Solutions: PADS Standard Layout Viewer and PADS Standard Plus Layout Viewer

In late May, 2022, I discovered and reported multiple zero-day vulnerabilities in the Siemens PADS Layout Viewer solutions. This week (July 12, 2022), Siemens published their advisories for the same.

These vulnerabilities are identified as CVE-2022-34272, CVE-2022-34273, CVE-2022-34274, CVE-2022-34275, CVE-2022-34276, CVE-2022-34277, CVE-2022-34278, CVE-2022-34279, CVE-2022-34280, CVE-2022-34281, CVE-2022-34282, CVE-2022-34283, CVE-2022-34284, CVE-2022-34285, CVE-2022-34286, CVE-2022-34287, CVE-2022-34288, CVE-2022-34289, CVE-2022-34290, and CVE-2022-34291.

Each of these is the result of a Memory Corruption vulnerability that exists in the decoding of PCB files in Siemens’ PADS Standard Layout Viewer and Standard Plus Layout Viewer solutions.

While these vulnerabilities all have different root causes related to the decoding of the PCB file format used by the vulnerable Siemens PADS Layout Viewer product, each of the resulting malformed PCB files includes out of bounds memory access due to an improper bounds check that enable attackers to exploit these vulnerabilities to either execute arbitrary code or leak sensitive information within the context of the application via a crafted PCB file. 

Due to the severity of these vulnerabilities, we urge users to not open PCB files from untrusted sources and take additional steps to virtually patch their systems by using FortiGate IPS infront of the impacted systems which has been protecting customers against these zero days since their discovery.

Affected platforms: Windows
Impacted parties: Users of Siemens PADS Standard/Plus Layout Viewer ALL Versions.
Impact: Multiple Vulnerabilities leading to arbitrary code execution or information disclosure
Severity level: High

Vulnerabilities

Following is the list of the discovered vulnerabilities linked to the specific Fortinet Zero Day Advisory for each containing further technical details. I also included each vulnerability’s potential exploit and the name of the related IPS signature released by Fortinet to proactively protect our customers:

CVE-2022-34272 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34272.Memory.Corruption for this specific vulnerability.

CVE-2022-34273 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34273.Memory.Corruption for this specific vulnerability.

CVE-2022-34274 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34274.Memory.Corruption for this specific vulnerability.

CVE-2022-34275 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34275.Memory.Corruption for this specific vulnerability.

CVE-2022-34276 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34276.Memory.Corruption for this specific vulnerability.

CVE-2022-34277 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34277.Memory.Corruption for this specific vulnerability.

CVE-2022-34278 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34278.Memory.Corruption for this specific vulnerability.

CVE-2022-34279 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34279.Memory.Corruption for this specific vulnerability.

CVE-2022-34280 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34280.Memory.Corruption for this specific vulnerability.

CVE-2022-34281 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34281.Memory.Corruption for this specific vulnerability.

CVE-2022-34282 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34282.Memory.Corruption for this specific vulnerability.

CVE-2022-34283 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34283.Memory.Corruption for this specific vulnerability.

CVE-2022-34284 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34284.Memory.Corruption for this specific vulnerability.

CVE-2022-34285 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34285.Memory.Corruption for this specific vulnerability.

CVE-2022-34286 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34286.Memory.Corruption for this specific vulnerability.

CVE-2022-34287 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34287.Memory.Corruption for this specific vulnerability.

CVE-2022-34288 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34288.Memory.Corruption for this specific vulnerability.

CVE-2022-34289 – Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34289.Memory.Corruption for this specific vulnerability.

CVE-2022-34290 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34290.Memory.Corruption for this specific vulnerability.

CVE-2022-34291 – A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCB file. Fortinet released IPS signature Siemens.PADS.Layout.Viewer.CVE-2022-34291.Memory.Corruption for this specific vulnerability.

Fortinet Protections

Fortinet IPS customers are protected with the following signatures, which were previously released for these vulnerabilities:

• Siemens.PADS.Layout.Viewer.CVE-2022-34272.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34273.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34274.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34275.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34276.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34277.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34278.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34279.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34280.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34281.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34282.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34283.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34284.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34285.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34286.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34287.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34288.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34289.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34290.Memory.Corruption
• Siemens.PADS.Layout.Viewer.CVE-2022-34291.Memory.Corruption

In addition, FortiEDR detects and prevents the exploitation of these vulnerabilities.

Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.