var-202106-1192
Vulnerability from variot

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. There is a resource management error vulnerability in the Drawings SDK, which is caused by a "free after use" error in the process of reading DGN files. Affected products and versions are as follows: Drawings SDK: Before 2022.4

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1192",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jt2go",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "drawing sdk",
        "scope": null,
        "trust": 1.4,
        "vendor": "open design alliance oda",
        "version": null
      },
      {
        "model": "drawings sdk",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "opendesign",
        "version": "2022.4"
      },
      {
        "model": "teamcenter visualization",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "13.2.0.1"
      },
      {
        "model": "comos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "10.4.1"
      },
      {
        "model": "jt2go",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "13.2.0.1"
      },
      {
        "model": "drawings sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "open design alliance",
        "version": "2022.4  all previous  s  - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944"
      },
      {
        "model": "drawings sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "open design alliance",
        "version": "2022.5  all previous  s  - cve-2021-32946 , cve-2021-32952"
      },
      {
        "model": "drawings sdk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "open design alliance",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.2.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mat Powell \u0026 Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      }
    ],
    "trust": 1.4
  },
  "cve": "CVE-2021-32944",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-392930",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-32944",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-32944",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.8,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001881",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-32944",
            "trust": 2.8,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-32944",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001881",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-688",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392930",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32944",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. There is a resource management error vulnerability in the Drawings SDK, which is caused by a \"free after use\" error in the process of reading DGN files. Affected products and versions are as follows: Drawings SDK: Before 2022.4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944"
      }
    ],
    "trust": 4.86
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32944",
        "trust": 6.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-159-02",
        "trust": 2.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-990",
        "trust": 2.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-155599",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-365397",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97514209",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95145431",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-047-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-13468",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-13413",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-19152",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-19151",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131",
        "trust": 0.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-069-06",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-222-01",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021060909",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021081108",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031102",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2046",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1047",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2700",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392930",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "id": "VAR-202106-1192",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      }
    ],
    "trust": 0.25799868000000004
  },
  "last_update_date": "2023-12-18T11:20:13.620000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "",
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
      },
      {
        "title": "",
        "trust": 1.4,
        "url": "https://www.opendesign.com/security-advisories"
      },
      {
        "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance",
        "trust": 0.8,
        "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=movingtonewversion.html"
      },
      {
        "title": "Drawings SDK Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153338"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b2237aa5ac819041f827cc4fd4128631"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-416",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
      },
      {
        "trust": 2.4,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-990/"
      },
      {
        "trust": 1.9,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-987/"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.opendesign.com/security-advisories"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95145431"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97514209/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1047"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2046"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021081108"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2700"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021060909"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06"
      },
      {
        "trust": 0.2,
        "url": "https://cwe.mitre.org/data/definitions/416.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "date": "2021-08-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "date": "2021-06-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "date": "2021-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "date": "2021-06-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "date": "2021-06-17T13:15:08.083000",
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "date": "2021-08-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-987"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-132"
      },
      {
        "date": "2023-02-09T00:00:00",
        "db": "ZDI",
        "id": "ZDI-23-131"
      },
      {
        "date": "2022-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392930"
      },
      {
        "date": "2022-04-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32944"
      },
      {
        "date": "2023-02-17T05:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-001881"
      },
      {
        "date": "2022-04-15T15:36:24.180000",
        "db": "NVD",
        "id": "CVE-2021-32944"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-688"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens JT2Go DGN File Parsing Use-After-Free Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-990"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-987"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.