Out of Bounds Read Vulnerability in NX 1980 Series and Solid Edge SE2021 by Siemens
CVE-2021-41534

3.3LOW

Key Information:

Vendor

Siemens
Status
Nx 1980 Series
Solid Edge Se2021
Vendor
CVE Published:
28 September 2021

What is CVE-2021-41534?

A vulnerability exists in Siemens NX 1980 Series and Solid Edge SE2021 products which allows for an out of bounds read past the end of an allocated buffer. This issue arises during the parsing of JT files, potentially enabling an attacker to leak sensitive information within the context of the vulnerable process. Precautions are advised to mitigate risks associated with this vulnerability.

Affected Version(s)

NX 1980 Series All versions < V1984

Solid Edge SE2021 All versions < SE2021MP8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72861...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-74090...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1118/
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.