First published: Tue Jan 12 2021
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Solid Edge | <se2020 | |
Siemens Solid Edge | =se2020 | |
Siemens Solid Edge | =se2020-maintenance_pack1 | |
Siemens Solid Edge | =se2020-maintenance_pack10 | |
Siemens Solid Edge | =se2020-maintenance_pack11 | |
Siemens Solid Edge | =se2020-maintenance_pack2 | |
Siemens Solid Edge | =se2020-maintenance_pack3 | |
Siemens Solid Edge | =se2020-maintenance_pack4 | |
Siemens Solid Edge | =se2020-maintenance_pack5 | |
Siemens Solid Edge | =se2020-maintenance_pack6 | |
Siemens Solid Edge | =se2020-maintenance_pack7 | |
Siemens Solid Edge | =se2020-maintenance_pack8 | |
Siemens Solid Edge | =se2020-maintenance_pack9 | |
Siemens Solid Edge | =se2021 | |
Siemens Solid Edge | =se2021-maintenance_pack1 | |
Siemens Solid Edge Viewer | | |
Siemens Solid Edge | All versions prior to SE2021MP2 | |
The vulnerability ID is CVE-2020-28381.
The title of this vulnerability is Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.
Yes, user interaction is required to exploit this vulnerability.
The severity of CVE-2020-28381 is high, with a CVSS score of 7.8.
To fix CVE-2020-28381, update to the latest version of Siemens Solid Edge Viewer or apply the recommended security patch provided by the vendor.