Vulnerabilities > CVE-2021-37178 - XXE vulnerability in Siemens Solid Edge Se2021 Firmware

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

siemens

CWE-611

NVD

Published: 2021-08-10

Updated: 2021-08-20

Summary

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Solid Edge Se2021 Firmware -	1
Hardware	Siemens Siemens Solid Edge Se2021 -	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf