Siemens Solid Edge vulnerabilities

CVE-2021-37202 [HIGH] CWE-416 CVE-2021-37202: A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the cu

CVE-2021-37203 [HIGH] CWE-125 CVE-2021-37203: A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition o

CVE-2021-34326 [HIGH] CWE-122 CVE-2021-34326: A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-l

CVE-2021-34329 [HIGH] CWE-122 CVE-2021-34329: A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-l

CVE-2021-34327 [HIGH] CWE-122 CVE-2021-34327: A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-l

CVE-2021-34328 [HIGH] CWE-122 CVE-2021-34328: A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-l

CVE-2021-27380 [HIGH] CWE-787 CVE-2021-27380: A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability

CVE-2021-27381 [HIGH] CWE-125 CVE-2021-27381: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability t

CVE-2020-28385 [HIGH] CWE-787 CVE-2020-28385: A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability

CVE-2020-28387 [MEDIUM] CWE-611 CVE-2020-28387: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without takin

CVE-2020-28386 [HIGH] CWE-787 CVE-2020-28386: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability

CVE-2020-28382 [HIGH] CWE-787 CVE-2020-28382: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability t

CVE-2020-28383 [HIGH] CWE-787 CVE-2020-28383: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write p

CVE-2020-28381 [HIGH] CWE-787 CVE-2020-28381: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute co

CVE-2020-28384 [HIGH] CWE-121 CVE-2020-28384: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of

CVE-2020-26989 [HIGH] CWE-121 CVE-2020-26989: A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffe