PT-2021-23324 · Siemens · Nx 1980 Series+2

Xina1I

Published

2021-09-28

Updated

2021-11-28

CVE-2021-41538

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions NX 1953 Series versions prior to V1973.3700 NX 1980 Series versions prior to V1988 Solid Edge SE2021 versions prior to SE2021MP8

Description A vulnerability has been identified that allows information disclosure through unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. This could enable an attacker to leak information from unexpected memory locations.

Recommendations For NX 1953 Series versions prior to V1973.3700, update to version V1973.3700 or later. For NX 1980 Series versions prior to V1988, update to version V1988 or later. For Solid Edge SE2021 versions prior to SE2021MP8, update to version SE2021MP8 or later.

Fix

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824

Related Identifiers

CVE-2021-41538

ZDI-21-1122

Affected Products

Nx 1953 Series

Nx 1980 Series

Solid Edge

PT-2021-23324 · Siemens · Nx 1980 Series+2

CVE-2021-41538

Weakness Enumeration

Related Identifiers

Affected Products

References · 6