CVE-2021-32950
Siemens JT2Go DXF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.
Se presenta un problema de lectura fuera de límites en el análisis de archivos DXF en Drawings SDK (todas las versiones anteriores a 2022.4) resultando en una falta de comprobación apropiada de los datos suministrados por el usuario. Esto puede resultar en una lectura más allá del final de un búfer asignado y permite a atacantes causar una condición de denegación de servicio o leer información confidencial de las ubicaciones de memoria
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-13 CVE Reserved
- 2021-06-17 CVE Published
- 2024-03-02 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02 | Third Party Advisory | |
https://www.zerodayinitiative.com/advisories/ZDI-21-988 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | 2022-04-15 | |
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf | 2022-04-15 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opendesign Search vendor "Opendesign" | Drawings Sdk Search vendor "Opendesign" for product "Drawings Sdk" | < 2022.4 Search vendor "Opendesign" for product "Drawings Sdk" and version " < 2022.4" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Comos Search vendor "Siemens" for product "Comos" | < 10.4.1 Search vendor "Siemens" for product "Comos" and version " < 10.4.1" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Jt2go Search vendor "Siemens" for product "Jt2go" | < 13.2.0.1 Search vendor "Siemens" for product "Jt2go" and version " < 13.2.0.1" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Teamcenter Visualization Search vendor "Siemens" for product "Teamcenter Visualization" | < 13.2.0.1 Search vendor "Siemens" for product "Teamcenter Visualization" and version " < 13.2.0.1" | - |
Affected
|