CVE-2021-41539 – Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41539
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773). Se ha identificado una vulnerabilidad en Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada contiene una vulnerabilidad de uso de memoria previamente liberada mientras analiza archivos OBJ. • https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1123 • CWE-416: Use After Free •
CVE-2021-41540 – Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41540
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776). Se ha identificado una vulnerabilidad en Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada contiene una vulnerabilidad de uso de memoria previamente liberada mientras se analizan archivos OBJ. • https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1124 • CWE-416: Use After Free •
CVE-2021-41538 – Siemens Solid Edge Viewer OBJ File Parsing Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-41538
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770). Se ha identificado una vulnerabilidad en NX 1953 Series (Todas las versiones anteriores a V1973.3700), NX 1980 Series (Todas las versiones anteriores a V1988), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada es vulnerable a la divulgación de información por el acceso inesperado a un puntero no inicializado mientras se analizan los archivos OBJ suministrados por el usuario. • https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1122 • CWE-824: Access of Uninitialized Pointer •
CVE-2021-41537 – Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41537
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789). Se ha identificado una vulnerabilidad en Solid Edge versión SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada contiene una vulnerabilidad de uso de memoria previamente liberada mientras analiza archivos OBJ. • https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1121 • CWE-416: Use After Free •
CVE-2021-41536 – Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41536
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778). Se ha identificado una vulnerabilidad en Solid Edge versión SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada contiene una vulnerabilidad de uso de memoria previamente liberada mientras analiza archivos OBJ. • https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1120 • CWE-416: Use After Free •