PT-2021-21554 · Siemens · Solid Edge

Published

2021-08-10

Updated

2021-08-20

CVE-2021-37178

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Solid Edge SE2021 versions prior to SE2021MP7

Description A vulnerability has been identified in the underlying XML parser of the affected application, which could cause it to disclose arbitrary files to remote attackers by loading a specially crafted XML file. This issue is related to an XML external entity injection vulnerability.

Recommendations For Solid Edge SE2021 versions prior to SE2021MP7, update to SE2021MP7 or later to resolve the issue. As a temporary workaround, consider restricting the loading of external XML files to minimize the risk of exploitation.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2021-37178

Affected Products

Solid Edge

PT-2021-21554 · Siemens · Solid Edge

CVE-2021-37178

Weakness Enumeration

Related Identifiers

Affected Products

References · 4