Search criteria
6 vulnerabilities found for nx_1980 by siemens
FKIE_CVE-2021-37203
Vulnerability from fkie_nvd - Published: 2021-09-14 11:15 - Updated: 2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf | Patch, Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | nx_1980 | * | |
| siemens | solid_edge | * | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A09766-0171-4DDA-9BF9-D379DA134571",
"versionEndExcluding": "1984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "576A303A-66CA-4694-AA54-9EB0137C24F1",
"versionEndExcluding": "se2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*",
"matchCriteriaId": "39D237BD-EE55-4B40-ABC3-194C4BF7C6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*",
"matchCriteriaId": "49F5649A-349C-42C6-AFFF-CEE1ABC14E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*",
"matchCriteriaId": "756343AA-DB57-40F7-94FA-84BFCDEB6159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*",
"matchCriteriaId": "36B0DD28-653E-4069-AB5A-38F8EFEB36CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*",
"matchCriteriaId": "82090774-D894-41C8-82F1-A48A8707E9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*",
"matchCriteriaId": "BD346D22-9B5D-4A50-94E2-1F5C8D391EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*",
"matchCriteriaId": "1466AEE0-4A5C-4E2D-80B8-43680F60FC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*",
"matchCriteriaId": "A4173D09-C317-45FF-ABA4-39E5592862F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). El archivo plmxmlAdapterIFC.dll contiene una lectura fuera de l\u00edmites al analizar los archivos IFC suministrados por el usuario, lo que podr\u00eda dar lugar a una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Esto podr\u00eda permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio o leer informaci\u00f3n sensible de ubicaciones de memoria"
}
],
"id": "CVE-2021-37203",
"lastModified": "2024-11-21T06:14:51.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:26.473",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-37202
Vulnerability from fkie_nvd - Published: 2021-09-14 11:15 - Updated: 2024-11-21 06:14
Severity ?
Summary
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf | Patch, Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | nx_1980 | * | |
| siemens | solid_edge | * | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 | |
| siemens | solid_edge | se2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3A09766-0171-4DDA-9BF9-D379DA134571",
"versionEndExcluding": "1984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "576A303A-66CA-4694-AA54-9EB0137C24F1",
"versionEndExcluding": "se2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*",
"matchCriteriaId": "39D237BD-EE55-4B40-ABC3-194C4BF7C6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*",
"matchCriteriaId": "49F5649A-349C-42C6-AFFF-CEE1ABC14E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*",
"matchCriteriaId": "756343AA-DB57-40F7-94FA-84BFCDEB6159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*",
"matchCriteriaId": "36B0DD28-653E-4069-AB5A-38F8EFEB36CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*",
"matchCriteriaId": "82090774-D894-41C8-82F1-A48A8707E9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*",
"matchCriteriaId": "BD346D22-9B5D-4A50-94E2-1F5C8D391EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*",
"matchCriteriaId": "1466AEE0-4A5C-4E2D-80B8-43680F60FC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*",
"matchCriteriaId": "A4173D09-C317-45FF-ABA4-39E5592862F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). El adaptador IFC de la aplicaci\u00f3n afectada contiene una vulnerabilidad de uso despu\u00e9s de libre que podr\u00eda activarse mientras se analizan los archivos IFC suministrados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"
}
],
"id": "CVE-2021-37202",
"lastModified": "2024-11-21T06:14:51.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:26.397",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
CVE-2021-37203 (GCVE-0-2021-37203)
Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16
VLAI?
Summary
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | NX 1980 Series |
Affected:
All versions < V1984
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NX 1980 Series",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1984"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T11:12:26",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NX 1980 Series",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1984"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP8"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37203",
"datePublished": "2021-09-14T10:47:56",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37202 (GCVE-0-2021-37202)
Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16
VLAI?
Summary
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | NX 1980 Series |
Affected:
All versions < V1984
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NX 1980 Series",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1984"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T11:12:25",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NX 1980 Series",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1984"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP8"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37202",
"datePublished": "2021-09-14T10:47:55",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:04.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37203 (GCVE-0-2021-37203)
Vulnerability from nvd – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16
VLAI?
Summary
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | NX 1980 Series |
Affected:
All versions < V1984
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NX 1980 Series",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1984"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T11:12:26",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NX 1980 Series",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1984"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP8"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37203",
"datePublished": "2021-09-14T10:47:56",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37202 (GCVE-0-2021-37202)
Vulnerability from nvd – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16
VLAI?
Summary
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | NX 1980 Series |
Affected:
All versions < V1984
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NX 1980 Series",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1984"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T11:12:25",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NX 1980 Series",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1984"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP8"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37202",
"datePublished": "2021-09-14T10:47:55",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:04.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}