Code Execution Vulnerability in JT2Go and Solid Edge by Siemens
CVE-2021-34329

7.8HIGH

Key Information:

Vendor
Siemens
Status
Jt2go
Solid Edge Se2021
Teamcenter Visualization
Vendor
CVE Published:
13 July 2021

Summary

A vulnerability exists in the plmxmlAdapterSE70.dll library utilized by JT2Go, Solid Edge, and Teamcenter Visualization. This flaw arises from the insufficient validation of user-supplied data during the parsing of PAR files. Consequently, an attacker could exploit this weakness to perform an out of bounds write, allowing execution of arbitrary code within the context of the current process. Proper validation mechanisms are crucial to mitigate such risks and protect users from potential exploitation.

Affected Version(s)

JT2Go All versions < V13.2

Solid Edge SE2021 All Versions < SE2021MP5

Teamcenter Visualization All versions < V13.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-48318...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-17361...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-867/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.