Out-of-Bounds Write Flaw in Solid Edge by Siemens
CVE-2021-25678

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2020; Solid Edge Se2021
Vendor: CVE Published:; 22 April 2021

What is CVE-2021-25678?

A vulnerability in Solid Edge software affects multiple versions due to insufficient validation of user-supplied data when parsing PAR files. This can potentially allow an attacker to perform an out-of-bounds write, leading to code execution within the context of the current process. The flaw exists in versions prior to SE2020MP13, SE2020MP14, and SE2021MP4, posing risks for users who have not updated their software.

Affected Version(s)

Solid Edge SE2020 All versions < SE2020MP13

Solid Edge SE2020 All versions < SE2020MP14

Solid Edge SE2021 All Versions < SE2021MP4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-57444...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-611/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Jan 21, 2021