Use-After-Free Vulnerability in Solid Edge SE2021 by Siemens
CVE-2021-41537

7.8HIGH

Key Information:

Vendor: Siemens
Status: Solid Edge Se2021
Vendor: CVE Published:; 28 September 2021

Summary

A vulnerability exists in Solid Edge SE2021 before version SE2021MP8, that results from improper handling of memory during the parsing of OBJ files. This use-after-free issue can be exploited by attackers to take control of the affected application, allowing them to execute arbitrary code within the context of the current process. Proper input validation and memory management practices are essential to mitigate this vulnerability and ensure the security of affected systems.

Affected Version(s)

Solid Edge SE2021 All versions < SE2021MP8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72861...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-1121/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2021
Vulnerability Reserved
Sep 21, 2021