Information Disclosure Vulnerability in Siemens NX and Solid Edge Products
CVE-2021-41538

3.3LOW

Key Information:

Vendor: Siemens
Status: Nx 1953 Series; Nx 1980 Series; Solid Edge Se2021
Vendor: CVE Published:; 28 September 2021

🔔 Create Siemens Vulnerability Alert

What is CVE-2021-41538?

An information disclosure vulnerability has been discovered in Siemens NX and Solid Edge applications due to unexpected access to uninitialized pointers when processing user-supplied OBJ files. This weakness allows attackers to potentially leak sensitive information from unintended memory locations, posing a significant risk to data privacy and integrity.

Affected Version(s)

NX 1953 Series All versions < V1973.3700

NX 1980 Series All versions < V1988

Solid Edge SE2021 All versions < SE2021MP8

References

https://cert-portal.siemens.com/productcert/pdf/ssa-72861...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-32804...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-1122/

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2021
Vulnerability Reserved
Sep 21, 2021

.