First published: Sun Nov 14 2021
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opendesign Drawings Software Development Kit | <2022.11 | |
Siemens JT2Go | | |
Siemens Solid Edge | =se2022 | |
Siemens Teamcenter Visualization | >=12.4.0, <12.4.0.13 | |
Siemens Teamcenter Visualization | >=13.2.0, <13.3.0.1 | |
Siemens Teamcenter Visualization | =13.1.0 | |
Siemens JT2Go | <13.2.0.7 | 13.2.0.7 |
Siemens Teamcenter Visualization v13.2 | <13.2.0.7 | 13.2.0.7 |
Siemens Solid Edge SE2021 | All versions prior to SE2021MP9 | |
Siemens Solid Edge SE2022 | All versions prior to SE2022MP1 | |
Siemens Teamcenter Visualization v12.4 | <12.4.0.13 | 12.4.0.13 |
The vulnerability ID is CVE-2021-43336.
The title of the vulnerability is Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.
The severity of CVE-2021-43336 is high, with a severity value of 7.8.
Siemens JT2Go, Opendesign Drawings Software Development Kit, Siemens Solid Edge, and Siemens Teamcenter Visualization are affected by CVE-2021-43336.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required: the target must visit a malicious page or open a malicious file.