First published: Tue Sep 28 2021(Updated: )
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).
Credit: productcert@siemens.com productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Solid Edge | <se2021 | |
Siemens Solid Edge | =se2021 | |
Siemens Solid Edge | =se2021-maintenance_pack1 | |
Siemens Solid Edge | =se2021-maintenance_pack2 | |
Siemens Solid Edge | =se2021-maintenance_pack3 | |
Siemens Solid Edge | =se2021-maintenance_pack4 | |
Siemens Solid Edge | =se2021-maintenance_pack5 | |
Siemens Solid Edge | =se2021-maintenance_pack6 | |
Siemens Solid Edge | =se2021-maintenance_pack7 | |
Siemens Nx 1984 Firmware | <1984 | |
Siemens Nx 1984 | ||
Siemens Nx 1988 Firmware | <1984 | |
Siemens Nx 1988 | ||
Siemens Solid Edge Viewer | ||
All of | ||
Siemens Nx 1984 Firmware | <1984 | |
Siemens Nx 1984 | ||
All of | ||
Siemens Nx 1988 Firmware | <1984 | |
Siemens Nx 1988 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Siemens Solid Edge Viewer vulnerability is CVE-2021-41534.
CVE-2021-41534 has a severity rating of 3.3 (medium).
This vulnerability allows remote attackers to disclose sensitive information by exploiting a flaw in Siemens Solid Edge Viewer's JT file parsing, requiring user interaction.
An attacker can exploit CVE-2021-41534 by tricking the target into visiting a malicious page or opening a malicious file.
Yes, Siemens has released security advisories with fixes for CVE-2021-41534. Please refer to the provided references for more information.