CVE-2021-41533Out-of-bounds Read in Siemens Solid Edge

CWE-125Out-of-bounds Read3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.2%
top 56.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Siemens NX 1984 FirmwareSiemens NX 1988 FirmwareSiemens Solid Edge+2 more
Timeline
PublishedSep 28
Latest updateMay 24

Description

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5siemens/solid_edge_se2021All versions < SE2021MP8
NVDsiemens/solid_edge< se2021+1
CVEListV5siemens/nx_1980_seriesAll versions < V1984

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-652j-c9gp-mc28: A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8)2022-05-24
CVEList
CVE-2021-41533: A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8)2021-09-28
CVE-2021-41533 — Out-of-bounds Read in Siemens | cvebase