PT-2021-3532 · Siemens · Siemens Solid Edge
Published: 2021-06-08 · Updated: 2021-09-21 · CVE-2021-31343
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Siemens Solid Edge versions SE2020 before 2020MP14
Siemens Solid Edge versions SE2021 before SE2021MP5
Description
The jutil.dll library in Siemens Solid Edge lacks proper validation of user-supplied data when parsing DFT files. This can result in an out-of-bounds write past the end of an allocated structure, which an attacker could use to execute code in the context of the current process. The vulnerability is triggered by parsing a DFT file, so exploitation requires a user to open a crafted file (UI:R in the CVSS vector) and can lead to remote code execution.
Recommendations
For Siemens Solid Edge versions SE2020 before 2020MP14, update to version 2020MP14 or later to resolve the issue.
For Siemens Solid Edge versions SE2021 before SE2021MP5, update to version SE2021MP5 or later to resolve the issue.
As a temporary workaround until the patch is applied, consider restricting the use of the jutil.dll library when parsing DFT files.
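A version check a defender can run against an asset inventory, written as an added example for this advisory (not part of the advisory or of Siemens' own tooling): it turns the two "before 2020MP14 / before SE2021MP5" statements above into a function that classifies an installed Solid Edge version as vulnerable, patched, or outside the advisory's scope. The fixed maintenance-pack levels come from the advisory; the accepted shape of the version string ("SE2020MP13", "2020MP14", a bare "SE2021" meaning MP0) is an assumption of this example, as are the sample versions in the inventory.

```python
import re
from typing import Optional, Tuple

# Fixed maintenance-pack (MP) level per release, taken from the advisory:
# SE2020 is fixed in 2020MP14, SE2021 is fixed in SE2021MP5.
FIXED_MP = {"SE2020": 14, "SE2021": 5}

# Assumed version-string shape for this example: optional "SE" prefix, a
# four-digit release year, optional "MP<n>" suffix; matching is case-insensitive.
_VERSION_RE = re.compile(r"^(?:SE)?(\d{4})(?:MP(\d+))?$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[str, int]:
    """Return (release, mp) for a Solid Edge version string.

    A missing MP suffix is treated as MP0, i.e. the base release,
    which is older than any maintenance pack and therefore affected.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Solid Edge version string: {text!r}")
    release = "SE" + m.group(1)
    mp = int(m.group(2)) if m.group(2) else 0
    return release, mp


def is_affected(text: str) -> Optional[bool]:
    """True if the version is vulnerable per this advisory, False if it is at
    or above the fixed MP, None if the release is not covered by the advisory."""
    release, mp = parse_version(text)
    fixed = FIXED_MP.get(release)
    if fixed is None:
        return None
    return mp < fixed


def recommendation(text: str) -> str:
    """Human-readable action for one installed version."""
    release, _ = parse_version(text)
    status = is_affected(text)
    if status is None:
        return f"{text}: release {release} is not covered by PT-2021-3532 / CVE-2021-31343"
    if status:
        return f"{text}: vulnerable, update to {release}MP{FIXED_MP[release]} or later"
    return f"{text}: already at or above the fixed maintenance pack"


if __name__ == "__main__":
    # Constructed sample inventory for illustration, not real hosts.
    for version in ["SE2020MP13", "2020MP14", "SE2021", "SE2021MP5", "SE2022MP1"]:
        print(recommendation(version))
```

The check deliberately distinguishes "not covered by this advisory" from "patched": a release the advisory does not name (here a constructed SE2022MP1) returns None rather than False, so it is not silently reported as safe.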
Fix
Memory Corruption
Affected Products
Siemens Solid Edge