47 matches found
CVE-2021-44018
CVE-2021-44018 is a memory corruption/out-of-bounds read vulnerability in the plmxmlAdapterSE70.dll used by Siemens visualization products. Exploitation targets PAR file parsing and, per ZDI, can lead to remote code execution with user interaction required. Affected products include JT2Go (all ve...
CVE-2021-44000
CVE-2021-44000 describes a heap-based buffer overflow in Siemens JT2Go/Solid Edge/Teamcenter Visualization products due to an out-of-bounds write in plmxmlAdapterSE70.dll when parsing PAR files. Concrete details from connected docs: affected components include JT2Go all versions prior to 13.2.0.7...
CVE-2021-44016
The CVE-2021-44016 issue is a memory corruption vulnerability in the plmxmlAdapterSE70.dll when parsing PAR files, enabling code execution in affected Siemens visualization products. Affected: JT2Go (all versions < V13.2.0.7), Solid Edge SE2021 (< SE2021MP9), Solid Edge SE2022 (< SE2022M...
CVE-2021-43336
CVE-2021-43336 affects the Open Design Alliance Drawings SDK prior to 2022.11. It is an out-of-bounds write issue during parsing of DXF/DWG files (invalid number of properties) that can cause a write past the end of an allocated buffer, enabling code execution in the context of the vulnerable pro...
CVE-2023-25140
CVE-2023-25140 affects Siemens Parasolid (V34.0, V34.1, V35.0, V35.1) and Solid Edge SE2022. A parsing-time out-of-bounds read on PAR files could enable code execution in the attacked process. Affected versions: Parasolid < V34.0.254, < V34.1.242, < V35.0.170, < V35.1.150; Solid Edge ...
CVE-2020-26989
CVE-2020-26989 affects Siemens JT2Go (all versions
CVE-2020-28383
CVE-2020-28383 affects Siemens JT2Go and Teamcenter Visualization (versions before 13.1.0.1). The vulnerability arises from improper validation of user-supplied data when parsing PAR files, allowing an out-of-bounds write past a memory location, which could enable code execution in the context of...
CVE-2021-34327
The CVE affects Siemens Solid Edge, JT2Go, and Teamcenter Visualization with a heap-based buffer overflow in plmxmlAdapterSE70.dll when parsing ASM files. Root cause: improper validation of user-supplied data leading to an out-of-bounds write and potential code execution in the affected process. ...
CVE-2021-34328
Siemens JT2Go (<V13.2), Solid Edge SE2021 (<SE2021MP5), and Teamcenter Visualization (
CVE-2021-41535
Siemens Siemens NX 1953 Series (before v1973.3700), NX 1980 Series (before v1988), and Solid Edge SE2021 (before SE2021MP8) have a use-after-free vulnerability in OBJ file parsing that could allow code execution in the current process (ZDI-CAN-13771). Public disclosures (ZDI-21-1119, RH Red Hat a...
CVE-2021-34329
Siemens JT2Go/Solid Edge/Teamcenter Visualization are affected by a heap-based buffer overflow in plmxmlAdapterSE70.dll when parsing PAR files. Impact: out-of-bounds write enabling code execution in the context of the current process. Affects JT2Go (all versions
CVE-2021-44014
CVE-2021-44014 affects Siemens JT Open (≤11.1.1.0), JT Utilities (≤13.1.1.0) and Solid Edge (≤2023). The Jt1001.dll contains a use-after-free vulnerability triggered while parsing specially crafted JT files, enabling code execution in the current process. Affected versions require updating to JT ...
CVE-2022-47935
The CVE-2022-47935 issue affects Siemens JT Open (pre-11.1.1.0), JT Utilities (pre-13.1.1.0), and Solid Edge (pre-2023). Root cause: a memory corruption vulnerability in Jt1001.dll when parsing specially crafted JT files, enabling code execution in the attacker’s context. Affects: JT Open, JT Uti...
CVE-2020-28384
The CVE-2020-28384 entry affects Siemens Solid Edge: SE2020 (before SE2020MP12) and SE2021 (before SE2021MP2). The root cause is improper validation of user-supplied data when parsing PAR files, leading to a stack-based buffer overflow. This condition could allow code execution in the context of ...
CVE-2021-37202
Siemens NX 1980 Series (all versions before v1984) and Solid Edge SE2021 (before SE2021MP8) are affected by CVE-2021-37202 due to a use-after-free vulnerability in the IFC adapter when parsing user-supplied IFC files. This could allow code execution in the context of the current process. Related ...
CVE-2021-41537
Solid Edge SE2021 (
CVE-2020-28382
Siemens Solid Edge SE2020/SE2021 (all versions prior to SE2020MP12/SE2021MP2) are affected by a PAR-file parsing vulnerability that can cause an out-of-bounds write, enabling code execution in the context of the affected process. The issue spans Solid Edge SE products and the Solid Edge Viewer, w...
CVE-2021-34326
Summary of CVE-2021-34326 : Siemens Solid Edge/JT2Go/Teamcenter Visualization are affected by a heap-based buffer overflow in the plmxmlAdapterSE70.dll when parsing PAR files. Affected versions: JT2Go < 13.2, Solid Edge SE2021 < SE2021MP5, Teamcenter Visualization
CVE-2021-37203
CVE-2021-37203 concerns Siemens NX/NX 1980 Series and Solid Edge SE2021 where the plmxmlAdapterIFC.dll performs an out-of-bounds read while parsing user-supplied IFC files. This can cause a denial-of-service or memory information leakage. Affected: NX 1980 Series (all versions before V1984) and S...
CVE-2021-41534
CVE-2021-41534 affects Siemens NX 1980 Series (all versions before v1984) and Solid Edge SE2021 (all versions before SE2021MP8). Root cause: an out-of-bounds read past the end of an allocated buffer during JT file parsing, leading to potential information disclosure within the process. Mitigation...
CVE-2020-28386
Siemens Solid Edge is affected by CVE-2020-28386 due to improper validation of data when parsing DFT files, causing an out-of-bounds write past an allocated structure and enabling code execution in the current process. The issue is described in ZDI-21-077 (Solid Edge Viewer) and is tied to Solid ...
CVE-2021-41533
Siemens NX 1980 Series and Solid Edge SE2021 are affected by CVE-2021-41533 due to an out-of-bounds read when parsing JT files, enabling potential information disclosure within the current process. Siemens fixes are available: update NX 1980 Series to v1984+ and SE2021 to SE2021MP8+. The issue wa...
CVE-2021-41539
CVE-2021-41539 concerns Siemens Solid Edge SE2021 (all versions before SE2021MP8) with a use-after-free in OBJ file parsing that could allow code execution in the affected process. Multiple sources (ZDI-21-1123; RH security advisory; CNVD; NVD/NVD list) describe the flaw as affecting the OBJ pars...
CVE-2022-37864
Siemens Solid Edge prior to SE2022MP9 is affected by CVE-2022-37864, a heap-based buffer overflow when parsing DWG files. It allows code execution in the current process with local attack vector and user interaction required. Mitigation: update to SE2022MP9 or later or avoid untrusted DWG files; ...
CVE-2020-28381
Siemens Solid Edge PAR file parsing contains an out-of-bounds write due to insufficient input validation, enabling possible remote code execution in the current process. Affected products include Solid Edge SE2020 (< SE2020MP12) and SE2021 (
CVE-2021-41538
CVE-2021-41538 : Siemens Solid Edge/NX OBJ parsing uninitialized pointer information disclosure. Affected products and versions include: NX 1953 Series (all versions < V1973.3700) and NX 1980 Series (all versions < V1988); Solid Edge SE2021 (all versions = V1973.3700, NX 1980 >= V1988, a...
CVE-2021-44002
CVE-2021-44002 affects Siemens JT Open (pre-11.1.1.0), JT Utilities (pre-13.1.1.0), and Solid Edge (pre-2023). The Jt1001.dll suffers an out-of-bounds write past an allocated structure while parsing crafted JT files, potentially enabling code execution in the current process. Mitigations from Sie...
CVE-2021-27380
Siemens Solid Edge is affected: PAR-file parsing vulnerability in Solid Edge SE2020 (< SE2020MP13) and SE2021 (
CVE-2023-39549
CVE-2023-39549 affects Siemens Solid Edge SE2023 (all versions
CVE-2020-28387
CVE-2020-28387 affects Siemens Solid Edge SE2020 before SE2020MP13 and SE2021 before SE2021MP3. The issue arises when opening specially crafted SEECTCXML files; the XML parser can process external entities (XXE) due to insufficient restrictions, enabling disclosure of arbitrary files to an attack...
CVE-2021-41536
Solid Edge SE2021 (all versions before SE2021MP8) contains a use-after-free in OBJ file parsing that can lead to code execution in the affected process (ZDI-21-1120). The issue is tied to the OBJ parser’s handling of objects/files and lacks validation, enabling an attacker to trigger arbitrary co...
CVE-2021-41540
Solid Edge SE2021 before MP8 contains a use‑after‑free flaw when parsing OBJ files, allowing code execution in the current process (CVE-2021-41540; ZDI-21-1124). Affected product: Solid Edge SE2021 (all versions
CVE-2022-47967
CVE-2022-47967 affects Siemens Solid Edge prior to V2023 MP1. The DOCMGMT.DLL contains a memory corruption flaw triggered when parsing file formats such as PAR, ASM, and DFT, potentially allowing code execution in the context of the current process. The vulnerability is rated CVSS v3.1 base score...
CVE-2020-28385
Siemens Solid Edge vulnerabilities CVE-2020-28385 affect Solid Edge SE2020 (before SE2020MP13) and SE2021 (before SE2021MP4). The root cause is improper validation of user-supplied data when parsing DFT files, leading to an out-of-bounds write past the end of an allocated structure and potential ...
CVE-2023-39185
CVE-2023-39185 affects Siemens Solid Edge SE2023: all versions prior to V223.0 Update 7 are vulnerable to an out-of-bounds read past the end of an allocated structure while parsing specially crafted PAR files, which could allow code execution in the process context. Siemens has released V223.0 Up...
CVE-2021-27381
Solid Edge CVE-2021-27381 affects Solid Edge SE2020 (before MP13) and SE2021 (before MP3). The flaw is an out-of-bounds read when parsing PAR files, enabling an attacker to execute code in the current process. Remediation: update to Solid Edge SE2020 MP13 or later, and SE2021 MP3 or later (note: ...
CVE-2023-39186
CVE-2023-39186 affects Siemens Solid Edge SE2023: all versions before V223.0 Update 7 are vulnerable to an out-of-bounds read past the end of an allocated structure while parsing specially crafted DFT files, potentially allowing code execution in the current process. The issue is tied to Solid Ed...
CVE-2023-39184
Siemens Solid Edge SE2023 is affected. All versions prior to V223.0 Update 7 expose an out-of-bounds read while parsing specially crafted PSM files, allowing code execution in the current process. The issue is confirmed in CVE-2023-39184 and is addressed by updating to V223.0 Update 7 or later. S...
CVE-2023-39419
CVE-2023-39419 affects Siemens Solid Edge SE2023 (all versions
CVE-2023-39181
CVE-2023-39181 affects Siemens Solid Edge SE2023 (all versions before V223.0 Update 7). The vulnerability is an out-of-bounds write past the end of an allocated buffer during parsing of a specially crafted PAR file, potentially allowing code execution in the current process. Affected product: Sol...
CVE-2023-39187
Solid Edge SE2023 is affected by CVE-2023-39187 (and related entries) due to an out-of-bounds read past the end of an allocated structure while parsing DFT files. Affected: all versions prior to V223.0 Update 7. Root cause: out-of-bounds read in the DFT parsing path could allow code execution in ...
CVE-2023-39188
Siemens Solid Edge SE2023 is affected by CVE-2023-39188 (Solid Edge SE2023: all versions before V223.0 Update 7) due to an out-of-bounds read past the end of an allocated structure while parsing DFT files. This vulnerability could allow code execution in the current process. Siemens has released ...
CVE-2023-39183
Solid Edge SE2023 is affected (all versions prior to V223.0 Update 7) by CVE-2023-39183 due to an out-of-bounds read past the end of an allocated structure while parsing specially crafted PSM files, potentially allowing code execution in the current process. Siemens provides a fix in V223.0 Updat...
CVE-2023-39182
Solid Edge SE2023 is affected by CVE-2023-39182: an out-of-bounds read past the end of an allocated structure while parsing DFT files in all versions before V223.0 Update 7. The vulnerability could allow code execution in the current process. Siemens provides a fix in V223.0 Update 7 and recommen...
CVE-2025-40741
Siemens Solid Edge SE2025 prior to V225.0 Update 5 is affected by a stack-based overflow while parsing specially crafted CFG files. The issue is triggered during CFG file processing and can allow code execution in the context of the current process. Vulnerable component is the CFG file parser; ro...
CVE-2025-40740
Siemens Solid Edge SE2025 is affected by CVE-2025-40740, an out-of-bounds read when parsing specially crafted PAR files, allowing code execution in the current process. Affected product: Solid Edge SE2025 (all versions before V225.0 Update 5). Root cause: out-of-bounds read past the end of an all...
CVE-2025-40739
Summary (CVE-2025-40739) : Siemens Solid Edge SE2025 prior to V225.0 Update 5 contains an out-of-bounds read while parsing specially crafted PAR files, which can lead to code execution in the process context. This vulnerability affects Solid Edge SE2025 versions before the Update 5 release. Accor...