CVE-2021-32946
Summary
| CVE | CVE-2021-32946 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-17 12:15:00 UTC |
| Updated | 2022-04-15 15:39:00 UTC |
| Description | An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. |
Risk And Classification
Problem Types: CWE-754
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Opendesign | Drawings Sdk | All | All | All | All |
| Application | Siemens | Comos | All | All | All | All |
| Application | Siemens | Jt2go | All | All | All | All |
| Application | Siemens | Teamcenter Visualization | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZDI-21-985 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf | CONFIRM | cert-portal.siemens.com | |
| ZDI-21-983 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf | CONFIRM | cert-portal.siemens.com | |
| Open Design Alliance Drawings SDK | CISA | MISC | us-cert.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590514 Siemens JT2Go Multiple Vulnerabilities (ICSA-21-222-03)