PT-2021-23323 · Siemens · Nx 1980 Series+1

Xina1I

Published

2021-09-28

Updated

2021-11-28

CVE-2021-41534

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions NX 1980 Series versions prior to V1984 Solid Edge SE2021 versions prior to SE2021MP8

Description A vulnerability has been identified that allows an out of bounds read past the end of an allocated buffer when parsing JT files. This could enable an attacker to leak information in the context of the current process.

Recommendations For NX 1980 Series versions prior to V1984, update to version V1984 or later to resolve the issue. For Solid Edge SE2021 versions prior to SE2021MP8, update to version SE2021MP8 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of JT files until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2021-41534

ZDI-21-1118

Affected Products

Nx 1980 Series

Solid Edge

PT-2021-23323 · Siemens · Nx 1980 Series+1

CVE-2021-41534

Weakness Enumeration

Related Identifiers

Affected Products

References · 6