Out of Bounds Read Vulnerability in Solid Edge Product by Siemens
CVE-2021-27381

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2020; Solid Edge Se2021
Vendor: CVE Published:; 15 March 2021

Summary

A vulnerability in Solid Edge products arises from insufficient validation of user-supplied data during the parsing of PAR files. This flaw can lead to an out of bounds read beyond the boundaries of an allocated structure. If exploited, it could allow an attacker to execute arbitrary code within the context of the affected process, potentially compromising system integrity. Users are advised to upgrade to the latest versions (SE2020MP13 or SE2021MP3) to mitigate risks associated with this vulnerability.

Affected Version(s)

Solid Edge SE2020 All Versions < SE2020MP13

Solid Edge SE2021 All Versions < SE2021MP3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-71518...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2021
Vulnerability Reserved
Feb 18, 2021