CVE-2021-41533
Published on: 09/28/2021 12:00:00 AM UTC
Last Modified on: 11/28/2021 11:29:00 PM UTC
Certain versions of Nx 1980 from Siemens contain the following vulnerability:
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).
- CVE-2021-41533 has been assigned by
[email protected] to track the vulnerability - currently rated as LOW severity.
- Affected Vendor/Software:
Siemens - NX 1980 Series version All versions < V1984
- Affected Vendor/Software:
Siemens - Solid Edge SE2021 version All versions < SE2021MP8
CVSS3 Score: 3.3 - LOW
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
ZDI-21-1117 | Zero Day Initiative | www.zerodayinitiative.com text/html |
![]() |
cert-portal.siemens.com application/pdf |
![]() | |
cert-portal.siemens.com application/pdf |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Siemens | Nx 1980 | All | All | All | All |
Hardware | Siemens | Nx 1984 | - | All | All | All |
Operating System | Siemens | Nx 1984 Firmware | All | All | All | All |
Hardware | Siemens | Nx 1988 | - | All | All | All |
Operating System | Siemens | Nx 1988 Firmware | All | All | All | All |
Application | Siemens | Solid Edge | All | All | All | All |
Application | Siemens | Solid Edge | se2021 | - | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack1 | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack2 | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack3 | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack4 | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack5 | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack6 | All | All |
Application | Siemens | Solid Edge | se2021 | maintenance_pack7 | All | All |
- cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:nx_1984:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:nx_1984_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:nx_1988:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:nx_1988_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*:
- cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-41533 : A vulnerability has been identified in Solid Edge SE2021 All versions < SE2021MP8 . The affected… twitter.com/i/web/status/1… | 2021-09-28 11:18:52 |