Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for solid_edge_se2021 by siemens

    CVE-2021-27382 (GCVE-0-2021-27382)

    Vulnerability from nvd – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP13
    Create a notification for this product.
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP14
    Create a notification for this product.
    Siemens Solid Edge SE2021 Affected: All Versions < SE2021MP4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:16.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP13"
                }
              ]
            },
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP14"
                }
              ]
            },
            {
              "product": "Solid Edge SE2021",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c SE2021MP4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T19:47:16.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-27382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP14"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2021",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c SE2021MP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121: Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-27382",
        "datePublished": "2021-04-22T20:42:21.000Z",
        "dateReserved": "2021-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:16.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25678 (GCVE-0-2021-25678)

    Vulnerability from nvd – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:11
    VLAI
    Summary
    A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP13
    Create a notification for this product.
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP14
    Create a notification for this product.
    Siemens Solid Edge SE2021 Affected: All Versions < SE2021MP4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.826Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP13"
                }
              ]
            },
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP14"
                }
              ]
            },
            {
              "product": "Solid Edge SE2021",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c SE2021MP4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T19:47:16.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-25678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP14"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2021",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c SE2021MP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-25678",
        "datePublished": "2021-04-22T20:42:21.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26997 (GCVE-0-2020-26997)

    Vulnerability from nvd – Published: 2021-04-22 20:42 – Updated: 2024-08-04 16:03
    VLAI
    Summary
    A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP13
    Create a notification for this product.
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP14
    Create a notification for this product.
    Siemens Solid Edge SE2021 Affected: All Versions < SE2021MP4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:03:23.217Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP13"
                }
              ]
            },
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP14"
                }
              ]
            },
            {
              "product": "Solid Edge SE2021",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c SE2021MP4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T19:47:15.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2020-26997",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP14"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2021",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c SE2021MP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822: Untrusted Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2020-26997",
        "datePublished": "2021-04-22T20:42:19.000Z",
        "dateReserved": "2020-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:03:23.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27382 (GCVE-0-2021-27382)

    Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:48
    VLAI
    Summary
    A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP13
    Create a notification for this product.
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP14
    Create a notification for this product.
    Siemens Solid Edge SE2021 Affected: All Versions < SE2021MP4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:16.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP13"
                }
              ]
            },
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP14"
                }
              ]
            },
            {
              "product": "Solid Edge SE2021",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c SE2021MP4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T19:47:16.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-27382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP14"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2021",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c SE2021MP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121: Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
                  "refsource": "CONFIRM",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-27382",
        "datePublished": "2021-04-22T20:42:21.000Z",
        "dateReserved": "2021-02-18T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:48:16.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25678 (GCVE-0-2021-25678)

    Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:11
    VLAI
    Summary
    A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP13
    Create a notification for this product.
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP14
    Create a notification for this product.
    Siemens Solid Edge SE2021 Affected: All Versions < SE2021MP4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:27.826Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP13"
                }
              ]
            },
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP14"
                }
              ]
            },
            {
              "product": "Solid Edge SE2021",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c SE2021MP4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T19:47:16.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-25678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP14"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2021",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c SE2021MP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-611/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-25678",
        "datePublished": "2021-04-22T20:42:21.000Z",
        "dateReserved": "2021-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:11:27.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-26997 (GCVE-0-2020-26997)

    Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-04 16:03
    VLAI
    Summary
    A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP13
    Create a notification for this product.
    Siemens Solid Edge SE2020 Affected: All versions < SE2020MP14
    Create a notification for this product.
    Siemens Solid Edge SE2021 Affected: All Versions < SE2021MP4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:03:23.217Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP13"
                }
              ]
            },
            {
              "product": "Solid Edge SE2020",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c SE2020MP14"
                }
              ]
            },
            {
              "product": "Solid Edge SE2021",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions \u003c SE2021MP4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-08T19:47:15.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2020-26997",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2020",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c SE2020MP14"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Solid Edge SE2021",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Versions \u003c SE2021MP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822: Untrusted Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2020-26997",
        "datePublished": "2021-04-22T20:42:19.000Z",
        "dateReserved": "2020-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-04T16:03:23.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }