PT-2021-4186 · Siemens · Siemens Nx+1

Published: 2021-09-14 · Updated: 2021-11-18 · CVE-2021-37202

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Siemens NX versions prior to V1984
Solid Edge SE2021 versions prior to SE2021MP8

Description

The issue is related to a use-after-free vulnerability in the IFC adapter component when parsing user-supplied IFC files. This could allow an attacker to execute arbitrary code in the context of the current process.

Recommendations

For Siemens NX versions prior to V1984, update to version V1984 or later to resolve the issue. For Solid Edge SE2021 versions prior to SE2021MP8, update to version SE2021MP8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the IFC adapter component until a patch is available.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2021-04782
CVE-2021-37202

Affected Products

Siemens Nx
Solid Edge