A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf | Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1117/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
28 Nov 2021, 23:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:nx_1988_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:nx_1984_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:nx_1988:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:nx_1984:-:*:*:*:*:*:*:* |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf - Patch, Vendor Advisory |
17 Nov 2021, 22:19
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565). | |
References |
|
17 Nov 2021, 14:46
Type | Values Removed | Values Added |
---|---|---|
CPE |
10 Nov 2021, 01:19
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1117/ - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:* |
01 Oct 2021, 13:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:* cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 3.3 |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1117/ - Third Party Advisory | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf - Patch, Vendor Advisory |
30 Sep 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Sep 2021, 12:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-28 12:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-41533
Mitre link : CVE-2021-41533
CVE.ORG link : CVE-2021-41533
JSON object : View
Products Affected
siemens
- nx_1984_firmware
- nx_1988_firmware
- solid_edge
- nx_1988
- nx_1984
CWE
CWE-125
Out-of-bounds Read