First published: Tue Sep 14 2021(Updated: )
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Nx 1980 | <1984 | |
Siemens Solid Edge | <se2021 | |
Siemens Solid Edge | =se2021 | |
Siemens Solid Edge | =se2021-maintenance_pack1 | |
Siemens Solid Edge | =se2021-maintenance_pack2 | |
Siemens Solid Edge | =se2021-maintenance_pack3 | |
Siemens Solid Edge | =se2021-maintenance_pack4 | |
Siemens Solid Edge | =se2021-maintenance_pack5 | |
Siemens Solid Edge | =se2021-maintenance_pack6 | |
Siemens Solid Edge | =se2021-maintenance_pack7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-37203.
The severity of CVE-2021-37203 is high with a CVSS score of 7.1.
NX 1980 Series (versions < V1984) and Solid Edge SE2021 (versions < SE2021MP8) are affected by CVE-2021-37203.
The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files, leading to a read past the end of an allocated buffer.
Siemens has released security advisories (SSA-208530 and SSA-728618) with mitigation measures for CVE-2021-37203.