CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25175 – Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25175
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de conversión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-218 https://www.zerodayinitiative.com/advisories/ZDI-21-223 https://www.zerodayinitiative.com/advisories/ZDI-21-224 https://www.zerodayinitiative.com/advisories/ZDI-21-244 https://www.zerodayinitiative.com/advisories/ZDI-21-245 https://www.zerodayinitiative.com/advisories/ZDI-2 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25176 – Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25176
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe una derivación de puntero nulo al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-221 https://www.zerodayinitiative.com/advisories/ZDI-21-222 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25177 – Siemens JT2Go DXF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25177
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de confusión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25178 – Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25178
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.11. Se presenta una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria cuando la operación de recuperación se ejecuta con archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-220 https://www.zerodayinitiative.com/advisories/ZDI-21-240 https://www.zerodayinitiative.com/advisories/ZDI-21-243 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26996 – Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26996
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027) Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-062 • CWE-125: Out-of-bounds Read •