CVE-2021-41534 – Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-41534
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703). Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada es vulnerable a una lectura fuera de límites más allá del final de un búfer asignado al analizar archivos JT. • https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1118 • CWE-125: Out-of-bounds Read •
CVE-2021-41533 – Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-41533
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565). Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). La aplicación afectada es vulnerable a una lectura fuera de límites más allá del final de un búfer asignado al analizar archivos JT. • https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-1117 • CWE-125: Out-of-bounds Read •
CVE-2021-37203
https://notcve.org/view.php?id=CVE-2021-37203
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). El archivo plmxmlAdapterIFC.dll contiene una lectura fuera de límites al analizar los archivos IFC suministrados por el usuario, lo que podría dar lugar a una lectura más allá del final de un búfer asignado. • https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf • CWE-125: Out-of-bounds Read •
CVE-2021-37202
https://notcve.org/view.php?id=CVE-2021-37202
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process. Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). El adaptador IFC de la aplicación afectada contiene una vulnerabilidad de uso después de libre que podría activarse mientras se analizan los archivos IFC suministrados por el usuario. • https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf • CWE-416: Use After Free •
CVE-2021-34329 – Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34329
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427) Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.2), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP5), Teamcenter Visualization (Todas las versiones anteriores a V13.2). • https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf https://www.zerodayinitiative.com/advisories/ZDI-21-867 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •