PT-2021-4336 · Siemens · Solid Edge

Xina1I

Published

2021-05-19

Updated

2021-10-01

CVE-2021-41536

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Solid Edge SE2021 versions prior to SE2021MP8

Description A use-after-free vulnerability has been identified in the affected application while parsing OBJ files. This issue could allow an attacker to execute code in the context of the current process. The vulnerability can be exploited by a remote attacker using a specially crafted malicious web page or file.

Recommendations For Solid Edge SE2021 versions prior to SE2021MP8, update to a version that includes the fix for this issue, specifically SE2021MP8 or later. As a temporary workaround, consider avoiding the use of OBJ file parsing functionality until a patch is available. Restrict access to the vulnerable application to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2021-04960

CVE-2021-41536

ZDI-21-1120

Affected Products

Solid Edge

PT-2021-4336 · Siemens · Solid Edge

CVE-2021-41536

Weakness Enumeration

Related Identifiers

Affected Products

References · 6