Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-44018

Опубликовано: 09 фев. 2022
Источник: nvd
CVSS3: 7.8
CVSS2: 6.8
EPSS Низкий

Описание

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*
Версия до 13.2.0.7 (исключая)
cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack8:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
Версия от 13.2.0 (включая) до 13.2.0.7 (исключая)
cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*
Версия от 13.3.0 (включая) до 13.3.0.1 (исключая)
cpe:2.3:a:siemens:teamcenter_visualization:13.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00321
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125
CWE-119

Связанные уязвимости

github логотип

GHSA-qf66-r9gg-x4q3

CVSS3: 7.8
github
почти 4 года назад

A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)

EPSS

Процентиль: 55%
0.00321
Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-125
CWE-119