CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22643 – Siemens Solid Edge Viewer 3DS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22643
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, son vulnerables a una lectura fuera de límites mientras se procesan archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 https://www.zerodayinitiative.com/advisories/ZDI-21-316 https://www.zerodayinitiative.com/advisories/ZDI-21-319 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22645 – Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22645
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, son vulnerables a un ataque porque los documentos .bip muestran un comando "load", que puede ser apuntado a una .dll desde un recurso compartido de red remoto. Como resultado, el punto de entrada .dll puede ser ejecutado sin suficiente advertencia de la Interfaz de Usuario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BIP files. • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 https://www.zerodayinitiative.com/advisories/ZDI-21-323 • CWE-357: Insufficient UI Warning of Dangerous Operations •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22649 – Siemens Solid Edge Viewer JT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22649
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, presentan múltiples problemas de desreferencia de puntero NULL mientras se procesar archivos de proyecto, lo que puede permitir a un atacante ejecutar código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 https://www.zerodayinitiative.com/advisories/ZDI-21-317 https://www.zerodayinitiative.com/advisories/ZDI-21-325 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-28386 – Siemens Solid Edge Viewer DFT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-28386
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. Se ha identificado una vulnerabilidad en Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP12), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP2). • https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04 https://www.zerodayinitiative.com/advisories/ZDI-21-060 https://www.zerodayinitiative.com/advisories/ZDI-21-077 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-28381 – Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-28381
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process. Se ha identificado una vulnerabilidad en Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP12), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP2). • https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04 https://www.zerodayinitiative.com/advisories/ZDI-21-048 https://www.zerodayinitiative.com/advisories/ZDI-21-053 https://www.zerodayinitiative.com/advisories/ZDI-21-074 • CWE-787: Out-of-bounds Write •