CVE-2021-37179

{"id": "CVE-2021-37179", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-08-10T11:15:09.437", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1114/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13777)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Solid Edge versi\u00f3n SE2021 (Todas las versiones anteriores a SE2021MP7). La biblioteca PSKERNEL.dll de la aplicaci\u00f3n afectada carece de una comprobaci\u00f3n apropiada mientras analiza los archivos OBJ suministrados por el usuario, lo que podr\u00eda conllevar una condici\u00f3n de uso de la memoria previamente liberada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-13777)"}], "lastModified": "2021-12-16T18:20:08.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:solid_edge_se2021_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A421197B-49ED-48DC-BF2E-B42D97194BF8", "versionEndExcluding": "se2021mp7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:solid_edge_se2021:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B9B3882-6975-42EA-A056-B6EC83E51E78"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}