CVE-2021-41534

Опубликовано: 28 сент. 2021

Источник: nvd

CVSS3: 3.3

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1118/
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1118/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*

Версия до se2021 (исключая)

cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*

cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:siemens:nx_1984_firmware:*:*:*:*:*:*:*:*

Версия до 1984 (исключая)

cpe:2.3:h:siemens:nx_1984:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:siemens:nx_1988_firmware:*:*:*:*:*:*:*:*

Версия до 1984 (исключая)

cpe:2.3:h:siemens:nx_1988:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.0021

Низкий

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-64h2-jvjq-j585

github

больше 3 лет назад

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).