What is the severity of CVE-2020-26997?

The severity of CVE-2020-26997 is high with a value of 7.8.

What is affected by CVE-2020-26997?

Solid Edge SE2020 (all versions prior to SE2020MP13), Solid Edge SE2020 (all versions prior to SE2020MP14), and Solid Edge SE2021 (all versions prior to SE2021MP4) are affected by CVE-2020-26997.

What is the vulnerability description of CVE-2020-26997?

CVE-2020-26997 is a vulnerability found in Solid Edge SE2020 and SE2021 that is caused by the lack of proper validation of user-supplied data when parsing PAR files, which can lead to pointer derangement.

How can the CVE-2020-26997 vulnerability be exploited?

The CVE-2020-26997 vulnerability can be exploited by supplying malicious input in PAR files during the parsing process.

Are there any references for CVE-2020-26997?

Yes, you can refer to the following documents for more information on CVE-2020-26997: [Link 1](https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf) and [Link 2](https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06).

Vulnerability/
CVE-2020-26997

high

7.8

CWE

822 119

22/4/2021

4/8/2024

CVE-2020-26997: Buffer Overflow

First published: Thu Apr 22 2021(Updated: )

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Solid Edge Viewer	<=se2020mp13
Siemens Solid Edge Se2021	<se2021mp14
Siemens Solid Edge SE2020: All versions before SE2020MP13
Siemens Solid Edge SE2020: All version before SE2020MP14 (only affected by CVE-2020-26997, CVE-2021-25678, CVE-2021-27382)
Siemens Solid Edge SE2021: All versions before SE2021MP4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-103-06

Frequently Asked Questions

What is the severity of CVE-2020-26997?
The severity of CVE-2020-26997 is high with a value of 7.8.
What is affected by CVE-2020-26997?
Solid Edge SE2020 (all versions prior to SE2020MP13), Solid Edge SE2020 (all versions prior to SE2020MP14), and Solid Edge SE2021 (all versions prior to SE2021MP4) are affected by CVE-2020-26997.
What is the vulnerability description of CVE-2020-26997?
CVE-2020-26997 is a vulnerability found in Solid Edge SE2020 and SE2021 that is caused by the lack of proper validation of user-supplied data when parsing PAR files, which can lead to pointer derangement.
How can the CVE-2020-26997 vulnerability be exploited?
The CVE-2020-26997 vulnerability can be exploited by supplying malicious input in PAR files during the parsing process.
Are there any references for CVE-2020-26997?
Yes, you can refer to the following documents for more information on CVE-2020-26997: [Link 1](https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf) and [Link 2](https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06).

collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/references
agent/severity
agent/author
agent/description
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/siemens
canonical/siemens solid edge viewer
version/siemens solid edge viewer/se2020mp13
canonical/siemens solid edge se2021
canonical/siemens solid edge se2020: all versions before se2020mp13
canonical/siemens solid edge se2020: all version before se2020mp14 (only affected by cve-2020-26997, cve-2021-25678, cve-2021-27382)
canonical/siemens solid edge se2021: all versions before se2021mp4