CVE-2021-41538 : A vulnerability has been identified in NX 1953 Series (All versions

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

Published 2021-09-28 12:15:08

Updated 2021-11-28 23:29:34

Source Siemens AG

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2021-41538

Siemens » Solid Edge
Versions before (<) se2021
cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021
cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack1
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack2
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack3
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack4
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack5
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack6
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*
Matching versions
Siemens » Solid Edge » Version: Se2021 Update Maintenance Pack7
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*
Matching versions
Siemens » Nx 1984 Firmware
Versions before (<) 1984
cpe:2.3:o:siemens:nx_1984_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1984 » Version: N/A
Siemens » Nx 1988 Firmware
Versions before (<) 1984
cpe:2.3:o:siemens:nx_1988_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1988 » Version: N/A
Siemens » Nx 1957 Firmware
Versions before (<) 1973.3700
cpe:2.3:o:siemens:nx_1957_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1957 » Version: N/A
Siemens » Nx 1961 Firmware
Versions before (<) 1973.3700
cpe:2.3:o:siemens:nx_1961_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1961 » Version: N/A
Siemens » Nx 1965 Firmware
Versions before (<) 1973.3700
cpe:2.3:o:siemens:nx_1965_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1965 » Version: N/A
Siemens » Nx 1969 Firmware
Versions before (<) 1973.3700
cpe:2.3:o:siemens:nx_1969_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Nx 1969 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-41538

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-41538

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2021-41538

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.
Assigned by:
- nvd@nist.gov (Primary)
- productcert@siemens.com (Secondary)

References for CVE-2021-41538

https://www.zerodayinitiative.com/advisories/ZDI-21-1122/

ZDI-21-1122 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf

Patch;Vendor Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-41538

Products affected by CVE-2021-41538

Exploit prediction scoring system (EPSS) score for CVE-2021-41538

CVSS scores for CVE-2021-41538

CWE ids for CVE-2021-41538

References for CVE-2021-41538