CVE-2021-41534 : A vulnerability has been identified in NX 1980 Series (All versions

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).

Published 2021-09-28 12:15:08

Updated 2021-11-28 23:29:46

Source Siemens AG

View at NVD, CVE.org

Products affected by CVE-2021-41534

Siemens » Solid Edge
Versions before (<) se2021
cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021
cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack1
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack2
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack3
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack4
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack5
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack6
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack7
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*
Matching versions
Siemens » Nx 1984 Firmware
Versions before (<) 1984
cpe:2.3:o:siemens:nx_1984_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1984 » Version: N/A
Siemens » Nx 1988 Firmware
Versions before (<) 1984
cpe:2.3:o:siemens:nx_1988_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1988 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-41534

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-41534

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2021-41534

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.
Assigned by:
- nvd@nist.gov (Primary)
- productcert@siemens.com (Secondary)

References for CVE-2021-41534

https://www.zerodayinitiative.com/advisories/ZDI-21-1118/

ZDI-21-1118 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf

Patch;Vendor Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-41534

Products affected by CVE-2021-41534

Exploit prediction scoring system (EPSS) score for CVE-2021-41534

CVSS scores for CVE-2021-41534

CWE ids for CVE-2021-41534

References for CVE-2021-41534