First published: Mon Jan 18 2021
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opendesign Drawings Software Development Kit | <2021.12 | |
Siemens COMOS | <10.4.1 | |
Siemens JT2Go | <13.1.0.1 | |
Siemens Teamcenter Visualization | <13.1.0.1 | |
Siemens JT2Go | | |
Siemens JT2Go | <13.1.0.1 | 13.1.0.1 |
Siemens Teamcenter Visualization | <13.1.0.1 | 13.1.0.1 |
CVE-2021-25173 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go.
An attacker can exploit CVE-2021-25173 by tricking the target into visiting a malicious page or opening a malicious file.
Siemens JT2Go versions before 13.1.0.1 are affected by CVE-2021-25173.
CVE-2021-25173 has a severity rating of 7.8 (high).
You can find more information about CVE-2021-25173 at the following references: [US-CERT Advisory](https://us-cert.cisa.gov/ics/advisories/icsa-21-040-06), [ZDI Advisory](https://www.zerodayinitiative.com/advisories/ZDI-21-225/), [Siemens CERT Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf)