PT-2021-3531 · Siemens · Siemens Solid Edge

Published: 2021-06-08 · Updated: 2021-09-21 · CVE-2021-31342

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Siemens Solid Edge versions SE2020 before 2020MP14
Siemens Solid Edge versions SE2021 before SE2021MP5

Description

The issue is related to the ugeom2d.dll library in Siemens Solid Edge, which lacks proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocated structure, allowing an attacker to execute code in the context of the current process.

Recommendations

For Siemens Solid Edge versions SE2020 before 2020MP14, update to 2020MP14 or later.
For Siemens Solid Edge versions SE2021 before SE2021MP5, update to SE2021MP5 or later.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-03581
CVE-2021-31342
ZDI-21-998

Affected Products

Siemens Solid Edge