Use-After-Free Vulnerability in Siemens NX and Solid Edge Products
CVE-2021-41535

7.8HIGH

Key Information:

Vendor
Siemens
Status
Nx 1953 Series
Nx 1980 Series
Solid Edge Se2021
Vendor
CVE Published:
28 September 2021

Summary

A use-after-free vulnerability has been discovered within Siemens NX 1953 Series and NX 1980 Series, as well as in Solid Edge SE2021. This vulnerability occurs during the parsing of OBJ files, allowing an attacker to potentially execute arbitrary code in the context of the affected application. As a result, it poses significant risks to users of these product versions below the specified thresholds.

Affected Version(s)

NX 1953 Series All versions < V1973.3700

NX 1980 Series All versions < V1988

Solid Edge SE2021 All versions < SE2021MP8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72861...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1119/
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-32804...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.