CVE-2021-27380

Опубликовано: 15 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf
Patch
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06
Third Party Advisory
US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf
Patch
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*

Версия до se2020 (исключая)

cpe:2.3:a:siemens:solid_edge:se2020:-:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack1:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack10:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack11:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack12:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack2:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack3:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack4:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack5:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack6:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack7:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack8:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack9:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00357

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-pfjr-ff58-8j7x

github

больше 3 лет назад

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)