CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25678 – Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25678
22 Apr 2021 — A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529) Se ha identificado una vulnerabilidad en ... • https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27382 – Siemens Solid Edge Viewer DFT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27382
22 Apr 2021 — A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040) Se ha identificado una vulnerabilidad en Solid Edge SE2020 (Todas las ... • https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26997 – Siemens Solid Edge Viewer PAR File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26997
13 Apr 2021 — A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919) Se ha identificado una vulnerabilidad en S... • https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2021-22651 – Siemens Solid Edge Viewer ZIP Path Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22651
23 Feb 2021 — When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. Cuando se carga un archivo especialmente diseñado, Luxion KeyShot versiones anteriores a 10.1, Lux... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22647 – Siemens Solid Edge Viewer CATPart File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22647
23 Feb 2021 — Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anterior... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22643 – Siemens Solid Edge Viewer 3DS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22643
23 Feb 2021 — Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.1, son... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22645 – Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22645
23 Feb 2021 — Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeySho... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-357: Insufficient UI Warning of Dangerous Operations •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22649 – Siemens Solid Edge Viewer JT File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22649
23 Feb 2021 — Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. Luxion KeyShot versiones anteriores a 10.1, Luxion KeyShot Viewer versiones anteriores a 10.1, Luxion KeyShot Network Rendering versiones anteriores a 10.1 y Luxion KeyVR versiones anteriores a 10.... • https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •