User Input Validation Flaw in Solid Edge by Siemens
CVE-2020-28381

7.8HIGH

Key Information:

Vendor
Siemens
Status
Solid Edge Se2020
Solid Edge Se2021
Vendor
CVE Published:
12 January 2021

Summary

A significant vulnerability has been found in Solid Edge, impacting its SE2020 and SE2021 versions. The flaw arises from the inadequate validation of user-supplied data when handling PAR files. This could lead to out-of-bounds writing into uninitialized memory, creating an opportunity for attackers to execute harmful code within the context of the running process, thereby posing a serious risk to users and systems reliant on this software.

Affected Version(s)

Solid Edge SE2020 All Versions < SE2020MP12

Solid Edge SE2021 All Versions < SE2021MP2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-97983...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-048/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-053/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.