CVE-2021-32946

Опубликовано: 17 июн. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02
Third Party Advisory
US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-983/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-985/
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02
Third Party Advisory
US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-983/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-985/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*

Версия до 2022.4 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*

Версия до 10.4.1 (исключая)

cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*

Версия до 13.2.0.2 (исключая)

cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*

Версия до 13.2.0.2 (исключая)

EPSS

Процентиль: 53%

0.00301

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-754

Связанные уязвимости

GHSA-cv5v-qfpj-5pm3