Lucene search

[email protected]CVE-2021-41538

HistorySep 28, 2021 - 12:15 p.m.

CVE-2021-41538

2021-09-2812:15:08

CWE-824

[email protected]

web.nvd.nist.gov

cve-2021-41538

vulnerability

nx 1953

nx 1980

solid edge se2021

information disclosure

uninitialized pointer

obj files

memory locations

zdi-can-13770

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

3.4 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

Affected configurations

NVD

Node

siemenssolid_edgeRange<se2021

siemenssolid_edgeMatchse2021-

siemenssolid_edgeMatchse2021maintenance_pack1

siemenssolid_edgeMatchse2021maintenance_pack2

siemenssolid_edgeMatchse2021maintenance_pack3

siemenssolid_edgeMatchse2021maintenance_pack4

siemenssolid_edgeMatchse2021maintenance_pack5

siemenssolid_edgeMatchse2021maintenance_pack6

siemenssolid_edgeMatchse2021maintenance_pack7

Node

siemensnx_1984_firmwareRange<1984

AND

siemensnx_1984Match-

Node

siemensnx_1988_firmwareRange<1984

AND

siemensnx_1988Match-

Node

siemensnx_1957_firmwareRange<1973.3700

AND

siemensnx_1957Match-

Node

siemensnx_1961_firmwareRange<1973.3700

AND

siemensnx_1961Match-

Node

siemensnx_1965_firmwareRange<1973.3700

AND

siemensnx_1965Match-

Node

siemensnx_1969_firmwareRange<1973.3700

AND

siemensnx_1969Match-

CPENameOperatorVersion
siemens:solid_edgesiemens solid edgeltse2021

CPE	Name	Operator	Version
siemens:solid_edge	siemens solid edge	lt	se2021

CNA Affected

[
  {
    "product": "NX 1953 Series",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1973.3700"
      }
    ]
  },
  {
    "product": "NX 1980 Series",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1988"
      }
    ]
  },
  {
    "product": "Solid Edge SE2021",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < SE2021MP8"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf

cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

www.zerodayinitiative.com/advisories/ZDI-21-1122/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

3.4 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

Related for CVE-2021-41538

cnvd1 prion1 nvd1 zdi1 cvelist1 ics2