← Back

CVE-2021-41534

nvd nist
Published: Sep 28, 2021Modified: Nov 21, 2024

JSON object

Loading...
3.3
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.8 / Impact: 1.4
Source: NVD

Description

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).

Affected (11)

Siemens
3 products
Solid Edge
Nx 1984 Firmware
Nx 1988 Firmware
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Solid Edge
Before se2021
Solid Edge
Version se2021
Solid Edge
Version se2021 maintenance_pack1
Solid Edge
Version se2021 maintenance_pack2
Solid Edge
Version se2021 maintenance_pack3
Solid Edge
Version se2021 maintenance_pack4
Solid Edge
Version se2021 maintenance_pack5
Solid Edge
Version se2021 maintenance_pack6
Solid Edge
Version se2021 maintenance_pack7
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx 1984 Firmware
Before 1984
Running on/withPlatform Versions
Siemens
Nx 1984
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx 1988 Firmware
Before 1984
Running on/withPlatform Versions
Siemens
Nx 1988
All versions

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

Source: productcert@siemens.com
PatchVendor Advisory
Source: productcert@siemens.com
PatchVendor Advisory
Source: productcert@siemens.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.