Vulnerability-Lookup

CVE-2021-37203 (GCVE-0-2021-37203)

Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16

Summary

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

siemens

References

2 references

URL	Tags
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
Siemens	NX 1980 Series	Affected: All versions < V1984
Siemens	Solid Edge SE2021	Affected: All versions < SE2021MP8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:03.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NX 1980 Series",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1984"
            }
          ]
        },
        {
          "product": "Solid Edge SE2021",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c SE2021MP8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-28T11:12:26.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-37203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NX 1980 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V1984"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Solid Edge SE2021",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c SE2021MP8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125: Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-37203",
    "datePublished": "2021-09-14T10:47:56.000Z",
    "dateReserved": "2021-07-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:16:03.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-37203",
      "date": "2026-06-08",
      "epss": "0.00189",
      "percentile": "0.40526"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-37203\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-09-14T11:15:26.473\",\"lastModified\":\"2024-11-21T06:14:51.227\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). El archivo plmxmlAdapterIFC.dll contiene una lectura fuera de l\u00edmites al analizar los archivos IFC suministrados por el usuario, lo que podr\u00eda dar lugar a una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Esto podr\u00eda permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio o leer informaci\u00f3n sensible de ubicaciones de memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1984\",\"matchCriteriaId\":\"D3A09766-0171-4DDA-9BF9-D379DA134571\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"se2021\",\"matchCriteriaId\":\"576A303A-66CA-4694-AA54-9EB0137C24F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"39D237BD-EE55-4B40-ABC3-194C4BF7C6CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*\",\"matchCriteriaId\":\"49F5649A-349C-42C6-AFFF-CEE1ABC14E67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*\",\"matchCriteriaId\":\"756343AA-DB57-40F7-94FA-84BFCDEB6159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0DD28-653E-4069-AB5A-38F8EFEB36CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*\",\"matchCriteriaId\":\"82090774-D894-41C8-82F1-A48A8707E9BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD346D22-9B5D-4A50-94E2-1F5C8D391EC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*\",\"matchCriteriaId\":\"1466AEE0-4A5C-4E2D-80B8-43680F60FC31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4173D09-C317-45FF-ABA4-39E5592862F8\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

SSA-728618

Vulnerability from csaf_siemens - Published: 2021-09-28 00:00 - Updated: 2021-09-28 00:00

Summary

SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8

Notes

Summary: Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution on the target host system. Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.

General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

CVE-2021-37202

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-37203

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41533

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41534

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41535

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41536

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41537

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41538

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C

CWE-824 - Access of Uninitialized Pointer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41539

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

CVE-2021-41540

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Solid Edge SE2021 Siemens / Solid Edge SE2021		< SE2021MP8	Vendor Fix Mitigation

References

13 references

URL	Category
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…
https://cert-portal.siemens.com/productcert/mitre…

Acknowledgments

xina1i

Trend Micro Zero Day Initiative

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "xina1i"
        ],
        "summary": "reporting vulnerabilities CVE-2021-37202 and CVE-2021-37203"
      },
      {
        "organization": "Trend Micro Zero Day Initiative",
        "summary": "coordinated disclosure of CVE-2021-41533 through CVE-2021-41540"
      }
    ],
    "category": "Siemens Security Advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats.\n\nIf a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution on the target host system.\n\nSiemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8 - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-728618.txt"
      },
      {
        "category": "self",
        "summary": "SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-728618.json"
      }
    ],
    "title": "SSA-728618: Multiple Vulnerabilities in Solid Edge before SE2021MP8",
    "tracking": {
      "current_release_date": "2021-09-28T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-728618",
      "initial_release_date": "2021-09-28T00:00:00Z",
      "revision_history": [
        {
          "date": "2021-09-28T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c SE2021MP8",
                "product": {
                  "name": "Solid Edge SE2021",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "Solid Edge SE2021"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-37202",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-37202 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37202.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-37202"
    },
    {
      "cve": "CVE-2021-37203",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-37203 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37203.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-37203"
    },
    {
      "cve": "CVE-2021-41533",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files.\n\nAn attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41533 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41533.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41533"
    },
    {
      "cve": "CVE-2021-41534",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files.\n\nAn attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41534 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41534.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41534"
    },
    {
      "cve": "CVE-2021-41535",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains a use-after-free vulnerability while parsing OBJ files.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41535 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41535.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41535"
    },
    {
      "cve": "CVE-2021-41536",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains a use-after-free vulnerability while parsing OBJ files.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41536 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41536.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41536"
    },
    {
      "cve": "CVE-2021-41537",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains a use-after-free vulnerability while parsing OBJ files.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41537 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41537.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41537"
    },
    {
      "cve": "CVE-2021-41538",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files.\n\nAn attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41538 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41538.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41538"
    },
    {
      "cve": "CVE-2021-41539",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains a use-after-free vulnerability while parsing OBJ files.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41539 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41539.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41539"
    },
    {
      "cve": "CVE-2021-41540",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected application contains a use-after-free vulnerability while parsing OBJ files.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-41540 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-41540.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to SE2021MP8 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "Avoid opening files from unknown sources in Solid Edge",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-41540"
    }
  ]
}

VAR-202109-1825

Vulnerability from variot - Updated: 2022-05-04 07:23

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1825",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "solid edge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "se2021"
      },
      {
        "model": "solid edge",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "se2021"
      },
      {
        "model": "nx 1980",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1984"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1984",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "se2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Xina1i and Trend Micro\u2019s Zero Day Initiative reported these vulnerabilities to Siemens and CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37203",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-37203",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 1.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-37203",
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-37203",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-937",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37203",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in NX 1980 Series (All versions \u003c V1984), Solid Edge SE2021 (All versions \u003c SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37203"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SIEMENS",
        "id": "SSA-728618",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-208530",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37203",
        "trust": 1.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-287-06",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-257-09",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021092905",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091517",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3454",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37203",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "id": "VAR-202109-1825",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19128205
  },
  "last_update_date": "2022-05-04T07:23:12.491000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Siemens NX Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164124"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=332f5edc8b55cb21d1b9cbee1c6ab360"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=3b85ee03e935aff52e55e7402b3926a1"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-287-06"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091517"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3454"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37203"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-09"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021092905"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-208530.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      },
      {
        "date": "2021-09-14T11:15:00",
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37203"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      },
      {
        "date": "2021-11-18T16:08:00",
        "db": "NVD",
        "id": "CVE-2021-37203"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-937"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pillow Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-37203 (GCVE-0-2021-37203)

SSA-728618

VAR-202109-1825

Tags

Sightings

Nomenclature