CVE-2021-31784

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGH

EPSS

0.3%

top 42.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opendesign Drawings SDK Siemens Comos

Timeline

PublishedApr 26

Latest updateMay 24

Description

An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDopendesign/drawings_sdk< 2021.6

▶NVDsiemens/comos< 10.4.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-w3r4-vrqm-m7jv: An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021↗2022-05-24

▶

CVEList

CVE-2021-31784: An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021↗2021-04-26

▶