Improper Data Validation in Solid Edge SE2020 and SE2021 by Siemens
CVE-2020-26997

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2020; Solid Edge Se2021
Vendor: CVE Published:; 22 April 2021

Summary

A significant vulnerability exists within Solid Edge SE2020 and SE2021 due to improper validation of user-supplied data while parsing PAR files. This flaw could allow an attacker to exploit untrusted inputs, leading to potential pointer dereferences. If successfully exploited, code could be executed in the context of the current process, potentially compromising system integrity. Users of Solid Edge should prioritize updates and security measures to mitigate this risk. For further mitigation details, refer to the Siemens security advisory.

Affected Version(s)

Solid Edge SE2020 All versions < SE2020MP13

Solid Edge SE2020 All versions < SE2020MP14

Solid Edge SE2021 All Versions < SE2021MP4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-57444...

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Oct 12, 2020