CVE-2021-43336 – Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43336
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de escritura fuera de límites cuando es leído un archivo DXF usando Open Design Alliance Drawings SDK versiones anteriores a 2022.11. • https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-22-334 • CWE-787: Out-of-bounds Write •
CVE-2021-40357
https://notcve.org/view.php?id=CVE-2021-40357
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versión V4.3 (Todas las versiones anteriores a V4.3.10), Teamcenter Active Workspace versión V5.0 (Todas las versiones anteriores a V5.0.8), Teamcenter Active Workspace versión V5.1 (Todas las versiones anteriores a V5.1.5), Teamcenter Active Workspace versión V5.2 (Todas las versiones anteriores a V5.2.1). Una vulnerabilidad de salto de ruta en la aplicación podría permitir a un atacante omitir ciertas restricciones como el acceso directo a otros servicios dentro del host • https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-40356
https://notcve.org/view.php?id=CVE-2021-40356
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. Se ha identificado una vulnerabilidad en Teamcenter versión V12.4 (Todas las versiones anteriores a V12.4.0.8), Teamcenter versión V13.0 (Todas las versiones anteriores a V13.0.0.7), Teamcenter versión V13.1 (Todas las versiones anteriores a V13.1.0.5), Teamcenter versión V13.2 (Todas las versiones anteriores a 13.2.0.2). La aplicación contiene una vulnerabilidad de tipo XML External Entity Injection (XXE). • https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2021-40355
https://notcve.org/view.php?id=CVE-2021-40355
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly. Se ha identificado una vulnerabilidad en Teamcenter versión V12.4 (Todas las versiones anteriores a V12.4.0.8), Teamcenter versión V13.0 (Todas las versiones anteriores a V13.0.0.7), Teamcenter versión V13.1 (Todas las versiones anteriores a V13.1.0.5), Teamcenter versión V13.2 (Todas las versiones anteriores a 13.2.0.2). La aplicación afectada contiene una vulnerabilidad de Direct Object Reference (IDOR) que permite a un atacante usar la entrada suministrada por el usuario para acceder directamente a los objetos • https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2021-40354
https://notcve.org/view.php?id=CVE-2021-40354
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks". Se ha identificado una vulnerabilidad en Teamcenter versión V12.4 (Todas las versiones anteriores a V12.4.0.8), Teamcenter versión V13.0 (Todas las versiones anteriores a V13.0.0.7), Teamcenter versión V13.1 (Todas las versiones anteriores a V13.1.0.5), Teamcenter versión V13.2 (Todas las versiones anteriores a 13.2.0.2). La funcionalidad "surrogate" en el perfil de usuario de la aplicación no lleva acabo un control de acceso suficiente que podría conllevar a una toma de posesión de la cuenta. • https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf • CWE-267: Privilege Defined With Unsafe Actions CWE-269: Improper Privilege Management •