var-202106-1193
Vulnerability from variot
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. Affected products and versions are as follows: Drawings SDK: Before 2022.4
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1193", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jt2go", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "model": "drawings sdk", "scope": "lte", "trust": 1.0, "vendor": "opendesign", "version": "2022.4" }, { "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.4.1" }, { "model": "jt2go", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.2" }, { "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944" }, { "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": "2022.5 all previous s - cve-2021-32946 , cve-2021-32952" }, { "model": "drawings sdk", "scope": "eq", "trust": 0.8, "vendor": "open design alliance", "version": null }, { "model": "drawing sdk", "scope": null, "trust": 0.7, "vendor": "open design alliance oda", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2022.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.4.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-32946" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ], "trust": 2.0 }, "cve": "CVE-2021-32946", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-392932", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-32946", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-32946", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001881", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-32946", "trust": 2.1, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-32946", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001881", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202106-687", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-392932", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-32946", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. Affected products and versions are as follows: Drawings SDK: Before 2022.4", "sources": [ { "db": "NVD", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-32946", "trust": 5.5 }, { "db": "ICS CERT", "id": "ICSA-21-159-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-21-985", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-21-983", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-155599", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-938030", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-23-130", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97514209", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95145431", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-047-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001881", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13411", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-13409", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19148", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-22-069-06", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060908", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081107", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2046", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1047", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2702", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-222-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-687", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-392932", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-32946", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "id": "VAR-202106-1193", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-392932" } ], "trust": 0.25799868000000004 }, "last_update_date": "2023-12-18T11:26:02.701000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "", "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "title": "Open\u00a0Design\u00a0Alliance\u00a0( Login required ) Open\u00a0Design\u00a0Alliance", "trust": 0.8, "url": "https://docs.opendesign.com/td/frames.html?frmname=topic\u0026frmfile=movingtonewversion.html" }, { "title": "", "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "title": "Open Design Alliance Drawings SDK Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154864" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e0bde73e6fac136c31fc4dfabb276eae" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=dce38d2a1ec28e091a143e851596b2e8" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-754", "trust": 1.1 }, { "problemtype": "Out-of-bounds read (CWE-125) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Use of freed memory (CWE-416) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]", "trust": 0.8 }, { "problemtype": " Out-of-bounds writing (CWE-787) [IPA evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-392932" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-985/" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-983/" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32946" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95145431" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97514209/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32936" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32938" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32940" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32944" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32948" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32950" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32952" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01" }, { "trust": 0.7, "url": "https://www.opendesign.com/security-advisories" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1047" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081107" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2046" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2702" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060908" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031102" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06" }, { "trust": 0.2, "url": "https://cwe.mitre.org/data/definitions/754.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-23-130/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-21-985" }, { "db": "ZDI", "id": "ZDI-21-983" }, { "db": "ZDI", "id": "ZDI-23-130" }, { "db": "VULHUB", "id": "VHN-392932" }, { "db": "VULMON", "id": "CVE-2021-32946" }, { "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "db": "NVD", "id": "CVE-2021-32946" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-985" }, { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-983" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-130" }, { "date": "2021-06-17T00:00:00", "db": "VULHUB", "id": "VHN-392932" }, { "date": "2021-06-17T00:00:00", "db": "VULMON", "id": "CVE-2021-32946" }, { "date": "2021-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "date": "2021-06-17T12:15:08.023000", "db": "NVD", "id": "CVE-2021-32946" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-985" }, { "date": "2021-08-18T00:00:00", "db": "ZDI", "id": "ZDI-21-983" }, { "date": "2023-02-09T00:00:00", "db": "ZDI", "id": "ZDI-23-130" }, { "date": "2022-04-15T00:00:00", "db": "VULHUB", "id": "VHN-392932" }, { "date": "2022-04-15T00:00:00", "db": "VULMON", "id": "CVE-2021-32946" }, { "date": "2023-02-17T05:48:00", "db": "JVNDB", "id": "JVNDB-2021-001881" }, { "date": "2022-04-15T15:39:18.653000", "db": "NVD", "id": "CVE-2021-32946" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-687" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-687" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Open\u00a0Design\u00a0Alliance\u00a0 Made \u00a0Drawings\u00a0SDK\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001881" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.