PT-2021-23322 · Siemens · Nx 1980 Series+1

Xina1I

Published

2021-09-28

Updated

2021-11-28

CVE-2021-41533

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions NX 1980 Series versions prior to V1984 Solid Edge SE2021 versions prior to SE2021MP8

Description A vulnerability has been identified in the affected applications, which are vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process.

Recommendations For NX 1980 Series versions prior to V1984, update to version V1984 or later. For Solid Edge SE2021 versions prior to SE2021MP8, update to version SE2021MP8 or later. As a temporary workaround, consider restricting the parsing of JT files until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-41533

ZDI-21-1117

Affected Products

Nx 1980 Series

Solid Edge

PT-2021-23322 · Siemens · Nx 1980 Series+1

CVE-2021-41533

Weakness Enumeration

Related Identifiers

Affected Products

References · 6