Lucene search

PRIOn knowledge basePRION:CVE-2021-32938

HistoryJun 17, 2021 - 1:15 p.m.

Out-of-bounds

2021-06-1713:15:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.4%

JSON

Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.

CPENameOperatorVersion
drawings_sdklt2022.4
comoslt10.4.1
jt2golt13.2.0.1
teamcenter_visualizationlt13.2.0.1

Name	Operator	Version
drawings_sdk	lt	2022.4
comos	lt	10.4.1
jt2go	lt	13.2.0.1
teamcenter_visualization	lt	13.2.0.1

References

cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

us-cert.cisa.gov/ics/advisories/icsa-21-159-02

www.zerodayinitiative.com/advisories/ZDI-21-980/