Information disclosure

2021-09-2812:15:00

PRIOn knowledge base

www.prio-n.com

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

CPENameOperatorVersion
nx_1957_firmwarelt1973.3700
nx_1961_firmwarelt1973.3700
nx_1965_firmwarelt1973.3700
nx_1969_firmwarelt1973.3700
nx_1984_firmwarelt1984
nx_1988_firmwarelt1984
solid_edgeeq< se2021
solid_edgeeq2021.0.0-se
solid_edgeeqse2021 maintenance-pack1
solid_edgeeqse2021 maintenance-pack2

Name	Operator	Version
nx_1957_firmware	lt	1973.3700
nx_1961_firmware	lt	1973.3700
nx_1965_firmware	lt	1973.3700
nx_1969_firmware	lt	1973.3700
nx_1984_firmware	lt	1984
nx_1988_firmware	lt	1984
solid_edge	eq	< se2021
solid_edge	eq	2021.0.0-se
solid_edge	eq	se2021 maintenance-pack1
solid_edge	eq	se2021 maintenance-pack2