← Back

CVE-2021-37203

nvd nist
Published: Sep 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 1.8 / Impact: 5.2
Source: NVD

Description

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.

Affected (10)

Siemens
2 products
Nx 1980
Solid Edge
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Nx 1980
Before 1984
Configuration B
9 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Solid Edge
Before se2021
Solid Edge
Version se2021
Solid Edge
Version se2021 maintenance_pack1
Solid Edge
Version se2021 maintenance_pack2
Solid Edge
Version se2021 maintenance_pack3
Solid Edge
Version se2021 maintenance_pack4
Solid Edge
Version se2021 maintenance_pack5
Solid Edge
Version se2021 maintenance_pack6
Solid Edge
Version se2021 maintenance_pack7

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

Source: productcert@siemens.com
PatchVendor Advisory
Source: productcert@siemens.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.