What is the severity of CVE-2021-41536?

The severity of CVE-2021-41536 is high with a CVSS score of 7.8.

How does CVE-2021-41536 impact Siemens Solid Edge Viewer?

CVE-2021-41536 allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.

What is the required user interaction to exploit CVE-2021-41536?

User interaction is required to exploit CVE-2021-41536 in that the target must visit a malicious page or open a malicious file.

Is there a fix available for CVE-2021-41536?

Yes, Siemens has released a security advisory with fixes for CVE-2021-41536. Please refer to the Siemens Solid Edge Viewer product page for more information.

Where can I find more information about CVE-2021-41536?

You can find more information about CVE-2021-41536 in the Siemens Solid Edge Viewer security advisory and the Zero Day Initiative advisory.

Vulnerability/
CVE-2021-41536

high

7.8

CWE

416

28/9/2021

4/8/2024

CVE-2021-41536: Siemens Solid Edge Viewer OBJ File Parsing Use-After-Free Remote Code Execution Vulnerability

First published: Tue Sep 28 2021(Updated: )

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Solid Edge	<se2021
Siemens Solid Edge	=se2021
Siemens Solid Edge	=se2021-maintenance_pack1
Siemens Solid Edge	=se2021-maintenance_pack2
Siemens Solid Edge	=se2021-maintenance_pack3
Siemens Solid Edge	=se2021-maintenance_pack4
Siemens Solid Edge	=se2021-maintenance_pack5
Siemens Solid Edge	=se2021-maintenance_pack6
Siemens Solid Edge	=se2021-maintenance_pack7

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-41536?
The severity of CVE-2021-41536 is high with a CVSS score of 7.8.
How does CVE-2021-41536 impact Siemens Solid Edge Viewer?
CVE-2021-41536 allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer.
What is the required user interaction to exploit CVE-2021-41536?
User interaction is required to exploit CVE-2021-41536 in that the target must visit a malicious page or open a malicious file.
Is there a fix available for CVE-2021-41536?
Yes, Siemens has released a security advisory with fixes for CVE-2021-41536. Please refer to the Siemens Solid Edge Viewer product page for more information.
Where can I find more information about CVE-2021-41536?
You can find more information about CVE-2021-41536 in the Siemens Solid Edge Viewer security advisory and the Zero Day Initiative advisory.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/weakness
agent/remedy
agent/author
agent/title
agent/description
agent/first-publish-date
agent/tags
agent/softwarecombine
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-21-1120
alias/ZDI-CAN-13778
alias/CVE-2021-41536
agent/software-canonical-lookup
vendor/siemens
canonical/siemens solid edge
version/siemens solid edge/se2021
version/siemens solid edge/se2021-maintenance_pack1
version/siemens solid edge/se2021-maintenance_pack2
version/siemens solid edge/se2021-maintenance_pack3
version/siemens solid edge/se2021-maintenance_pack4
version/siemens solid edge/se2021-maintenance_pack5
version/siemens solid edge/se2021-maintenance_pack6
version/siemens solid edge/se2021-maintenance_pack7
canonical/siemens solid edge viewer