CVE-2021-25678

Published: Apr 22, 2021Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

Affected (2)

Products: Siemens: Solid Edge Se2020, Solid Edge Se2021

2 products

Solid Edge Se2020

Solid Edge Se2021

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Solid Edge Se2020	Before se2020mp14
Siemens Solid Edge Se2021	Before se2021mp4

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf

Source: productcert@siemens.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-611/

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-611/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.