CVE-2021-37203

Name of the Vulnerable Software and Affected Versions NX 1980 Series versions prior to V1984 Solid Edge SE2021 versions prior to SE2021MP8

Description A vulnerability has been identified in the plmxmlAdapterIFC.dll, which contains an out-of-bounds read while parsing user-supplied IFC files. This could result in a read past the end of an allocated buffer, allowing an attacker to cause a denial-of-service condition or read sensitive information from memory locations. The issue is related to the use of memory after it has been freed during the syntactic analysis of IFC files.

Recommendations For NX 1980 Series versions prior to V1984, update to version V1984 or later to resolve the issue. For Solid Edge SE2021 versions prior to SE2021MP8, update to version SE2021MP8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plmxmlAdapterIFC.dll until a patch is available. Avoid using the plmxmlAdapterIFC.dll to parse user-supplied IFC files until the issue is resolved.