Code Execution Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization
CVE-2021-34328

7.8HIGH

Key Information:

Vendor
Siemens
Status
Jt2go
Solid Edge Se2021
Teamcenter Visualization
Vendor
CVE Published:
13 July 2021

Summary

A significant vulnerability exists in JT2Go, Solid Edge SE2021, and Teamcenter Visualization, where improper validation of user-supplied data within the plmxmlAdapterSE70.dll library can lead to an out of bounds write. This weak validation allows an attacker to exploit the flaw by supplying crafted PAR files, potentially enabling unauthorized code execution within the affected applications' current processes.

Affected Version(s)

JT2Go All versions < V13.2

Solid Edge SE2021 All Versions < SE2021MP5

Teamcenter Visualization All versions < V13.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48318...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-17361...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-866/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.