CVE-2021-37178XML External Entity (XXE) Injection in Siemens Solid Edge Se2021 Firmware

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 55.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens Solid Edge Se2021 FirmwareSiemens Solid Edge Se2021
Timeline
PublishedAug 10
Latest updateMay 24

Description

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5siemens/solid_edge_se2021All Versions < SE2021MP7

🔴Vulnerability Details

2
GHSA
GHSA-3pr4-6x9m-839x: A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7)2022-05-24
CVEList
CVE-2021-37178: A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7)2021-08-10
CVE-2021-37178 — XML External Entity (XXE) Injection | cvebase