Out of Bounds Read Vulnerability in NX 1980 Series and Solid Edge SE2021 by Siemens
CVE-2021-41533

3.3LOW

Key Information:

Vendor
Siemens
Status
Nx 1980 Series
Solid Edge Se2021
Vendor
CVE Published:
28 September 2021

Summary

An out of bounds read vulnerability exists in the NX 1980 Series and Solid Edge SE2021 software. This flaw occurs when the application processes JT files, potentially allowing an attacker to read data beyond the allocated buffer. This can lead to the unintentional exposure of sensitive information within the current process, posing significant risks to data integrity and confidentiality.

Affected Version(s)

NX 1980 Series All versions < V1984

Solid Edge SE2021 All versions < SE2021MP8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72861...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1117/
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-74090...
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.