CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25177 – Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25177
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de confusión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25178 – Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25178
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.11. Se presenta una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria cuando la operación de recuperación se ejecuta con archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-220 https://www.zerodayinitiative.com/advisories/ZDI-21-240 https://www.zerodayinitiative.com/advisories/ZDI-21-243 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-28383 – Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-28383
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP12), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04 https://www.zerodayinitiative.com/advisories/ZDI-21-047 https://www.zerodayinitiative.com/advisories/ZDI-21-054 https://www.zerodayinitiative.com/advisories/ZDI-21-073 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-26989 – Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26989
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP12), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP2), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-050 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2020-26990 – Siemens JT2Go ASM File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26990
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.1.0.1), Teamcenter Visualization (Todas las versiones anteriores a V13.1.0.1). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-055 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •