PT-2021-4333 · Siemens · Nx 1953 Series+3
Xina1I
·
Published
2021-05-13
·
Updated
2021-11-28
·
CVE-2021-41535
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Siemens Solid Edge Viewer versions prior to SE2021MP8
NX 1953 Series versions prior to V1973.3700
NX 1980 Series versions prior to V1988
Solid Edge SE2021 versions prior to SE2021MP8
Description
The issue is related to a use-after-free vulnerability when parsing OBJ files. This could allow a remote attacker to execute arbitrary code in the context of the current process by using a specially crafted malicious web page or file.
Recommendations
For Siemens Solid Edge Viewer versions prior to SE2021MP8, update to version SE2021MP8 or later.
For NX 1953 Series versions prior to V1973.3700, update to version V1973.3700 or later.
For NX 1980 Series versions prior to V1988, update to version V1988 or later.
For Solid Edge SE2021 versions prior to SE2021MP8, update to version SE2021MP8 or later.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nx 1953 Series
Nx 1980 Series
Siemens Solid Edge Viewer
Solid Edge Se2021