CVE-2021-41535

🗓️ 28 Sep 2021 11:12:29Reported by siemensType

A use-after-free vulnerability in NX 1953, NX 1980, and Solid Edge SE2021 allows code execution via OBJ file parsing (CVE-2021-41535

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the Siemens Solid Edge Viewer application, a tool set for design and simulation with Siemens Solid Edge, allows a malicious actor to execute arbitrary code.	13 Oct 202100:00	–	bdu_fstec
Circl	CVE-2021-41535	28 Sep 202116:35	–	circl
CNNVD	Siemens Solid Edge 资源管理错误漏洞	28 Sep 202100:00	–	cnnvd
CNVD	Siemens Solid Edge Post-Release Reuse Vulnerability (CNVD-2021-75891)	29 Sep 202100:00	–	cnvd
CVE	CVE-2021-41535	28 Sep 202111:12	–	cve
EUVD	EUVD-2021-28553	3 Oct 202520:07	–	euvd
ICS	Siemens Solid Edge	28 Sep 202100:00	–	ics
ICS	Siemens NX OBJ Translator	9 Nov 202100:00	–	ics
NVD	CVE-2021-41535	28 Sep 202112:15	–	nvd
OSV	CVE-2021-41535	28 Sep 202112:15	–	osv

[
  {
    "product": "NX 1953 Series",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1973.3700"
      }
    ]
  },
  {
    "product": "NX 1980 Series",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1988"
      }
    ]
  },
  {
    "product": "Solid Edge SE2021",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < SE2021MP8"
      }
    ]
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-1119/
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

09 Nov 2021 11:32Current

7.8High risk

Vulners AI Score7.8

EPSS0.0059

CWE-416