var-202106-1190
Vulnerability from variot

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. A buffer error vulnerability exists in the Drawings SDK, which originates from a boundary condition in the recovery process of DWG files. Affected products and versions are as follows: Drawings SDK: Before 2022.4

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1190",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "drawing sdk",
        "scope": null,
        "trust": 1.4,
        "vendor": "open design alliance oda",
        "version": null
      },
      {
        "model": "jt2go",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "13.2.0.1"
      },
      {
        "model": "drawings sdk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "opendesign",
        "version": "2022.5"
      },
      {
        "model": "teamcenter visualization",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "13.2.0.1"
      },
      {
        "model": "comos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "10.4.1"
      },
      {
        "model": "drawings sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "open design alliance",
        "version": "2022.4  all previous  s  - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944"
      },
      {
        "model": "drawings sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "open design alliance",
        "version": "2022.5  all previous  s  - cve-2021-32946 , cve-2021-32952"
      },
      {
        "model": "drawings sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "open design alliance",
        "version": null
      },
      {
        "model": "jt2go",
        "scope": null,
        "trust": 0.7,
        "vendor": "siemens",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.4.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mat Powell \u0026 Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2021-32940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-392926",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-32940",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-32940",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.4,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001881",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-32940",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-32940",
            "trust": 1.4,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-32940",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001881",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-32940",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-681",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392926",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32940",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. A buffer error vulnerability exists in the Drawings SDK, which originates from a boundary condition in the recovery process of DWG files. Affected products and versions are as follows: Drawings SDK: Before 2022.4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940"
      }
    ],
    "trust": 4.23
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32940",
        "trust": 5.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-159-02",
        "trust": 2.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-986",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-155599",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-365397",
        "trust": 1.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97514209",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95145431",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-047-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-13412",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-19154",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-19134",
        "trust": 0.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-069-06",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021081108",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031102",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060909",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-222-01",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2046",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2700",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1047",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392926",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "id": "VAR-202106-1190",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      }
    ],
    "trust": 0.25799868000000004
  },
  "last_update_date": "2023-12-18T11:46:16.752000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "",
        "trust": 1.4,
        "url": "https://www.opendesign.com/security-advisories"
      },
      {
        "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance",
        "trust": 0.8,
        "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=movingtonewversion.html"
      },
      {
        "title": "",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
      },
      {
        "title": "Open Design Alliance Drawings SDK Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=154859"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
      },
      {
        "trust": 2.4,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-986/"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.opendesign.com/security-advisories"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95145431"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97514209/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01"
      },
      {
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1047"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2046"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2700"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-23-120/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "date": "2021-06-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "date": "2021-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "date": "2021-06-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "date": "2021-06-17T13:15:07.923000",
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "date": "2021-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-986"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-134"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-120"
      },
      {
        "date": "2023-01-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392926"
      },
      {
        "date": "2023-03-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32940"
      },
      {
        "date": "2023-02-17T05:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "date": "2023-03-28T17:12:49.597000",
        "db": "NVD",
        "id": "CVE-2021-32940"
      },
      {
        "date": "2023-01-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-681"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.