Lucene search

[email protected]CVE-2021-41536

HistorySep 28, 2021 - 12:15 p.m.

CVE-2021-41536

2021-09-2812:15:00

CWE-416

[email protected]

web.nvd.nist.gov

vulnerability

code execution

solid edge se2021

cve-2021-41536

use-after-free

obj files

security advisory

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.0%

JSON

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).

CPENameOperatorVersion
siemens:solid_edgesiemens solid edgeltse2021

CPE	Name	Operator	Version
siemens:solid_edge	siemens solid edge	lt	se2021

References

cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

www.zerodayinitiative.com/advisories/ZDI-21-1120/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.0%

JSON

Related for CVE-2021-41536

zdi1 cnvd1 prion1 cvelist1 ics1