A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Siemens
  • Nx 1961 Firmware
  • Nx 1961
  • Nx 1957
  • Nx 1988
  • Nx 1969
  • Nx 1965
  • Nx 1984
  • Nx 1984 Firmware
  • Nx 1988 Firmware
  • Solid Edge
  • Nx 1957 Firmware
  • Nx 1965 Firmware
  • Nx 1969 Firmware

Configuration 1 [-]

OR cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:nx_1984_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:nx_1984:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:nx_1988_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:nx_1988:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:nx_1957_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:nx_1957:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:nx_1961_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:nx_1961:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:nx_1965_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:nx_1965:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:nx_1969_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:nx_1969:-:*:*:*:*:*:*:*
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1122/ Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2021-09-28T11:12:32

Updated: 2021-11-09T11:32:13

Reserved: 2021-09-21T00:00:00

Link: CVE-2021-41538

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-09-28T12:15:08.250

Modified: 2021-11-28T23:29:33.560

Link: CVE-2021-41538

JSON object: View

cve-icon Redhat Information

No data.

CWE