CVE-2021-27382: Siemens Solid Edge Viewer DFT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
First published: Thu Apr 22 2021(Updated: )
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Solid Edge Viewer | <=se2020mp13 | |
| Siemens Solid Edge Se2021 | <se2021mp14 | |
| Siemens Solid Edge SE2020: All versions before SE2020MP13 | ||
| Siemens Solid Edge SE2020: All version before SE2020MP14 (only affected by CVE-2020-26997, CVE-2021-25678, CVE-2021-27382) | ||
| Siemens Solid Edge SE2021: All versions before SE2021MP4 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27382?
CVE-2021-27382 is a vulnerability in Siemens Solid Edge Viewer that allows remote attackers to execute arbitrary code.
How can the CVE-2021-27382 vulnerability be exploited?
The CVE-2021-27382 vulnerability can be exploited by visiting a malicious page or opening a malicious file.
What is the severity of CVE-2021-27382?
The severity of CVE-2021-27382 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2021-27382?
The Siemens Solid Edge Viewer versions se2020mp13 and up to se2021mp14 are affected by CVE-2021-27382.
Where can I find more information about CVE-2021-27382?
More information about CVE-2021-27382 can be found at the following references: [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf), [US-CERT](https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06), [ZeroDay Initiative](https://www.zerodayinitiative.com/advisories/ZDI-21-612/).
- collector/nvd-index
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/author
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-612
- alias/ZDI-CAN-13040
- alias/CVE-2021-27382
- vendor/siemens
- canonical/siemens solid edge viewer
- version/siemens solid edge viewer/se2020mp13
- canonical/siemens solid edge se2021
- canonical/siemens solid edge se2020: all versions before se2020mp13
- canonical/siemens solid edge se2020: all version before se2020mp14 (only affected by cve-2020-26997, cve-2021-25678, cve-2021-27382)
- canonical/siemens solid edge se2021: all versions before se2021mp4