CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25177 – Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25177
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de confusión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25178 – Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25178
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.11. Se presenta una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria cuando la operación de recuperación se ejecuta con archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-220 https://www.zerodayinitiative.com/advisories/ZDI-21-240 https://www.zerodayinitiative.com/advisories/ZDI-21-243 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26996 – Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26996
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027) Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-062 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26992
https://notcve.org/view.php?id=CVE-2020-26992
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process. Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26993
https://notcve.org/view.php?id=CVE-2020-26993
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process. Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •