CVE-2021-41533

3.3LOW

Key Information:

Vendor
Siemens
Status
Nx 1980 Series
Solid Edge Se2021
Vendor
CVE Published:
28 September 2021

Summary

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).

Affected Version(s)

NX 1980 Series All versions < V1984

Solid Edge SE2021 All versions < SE2021MP8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72861...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1117/
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-74090...
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.