CVE-2021-37180 — Access of Uninitialized Pointer in Siemens Solid Edge Se2021 Firmware

CWE-824 — Access of Uninitialized Pointer3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 40.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Solid Edge Se2021 Firmware Siemens Solid Edge Se2021

Timeline

PublishedAug 10

Latest updateMay 24

Description

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13775)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsiemens/solid_edge_se2021_firmware< se2021mp7

▶CVEListV5siemens/solid_edge_se2021All Versions < SE2021MP7

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-j2fm-87x9-h5c6: A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7)↗2022-05-24

▶

CVEList

CVE-2021-37180: A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7)↗2021-08-10

▶