Vulnerabilities > CVE-2021-41533 - Unspecified vulnerability in Siemens NX 1984 Firmware, NX 1988 Firmware and Solid Edge

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

siemens

NVD

Published: 2021-09-28

Updated: 2024-11-21

Summary

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Solid Edge Se2020 Siemens Solid Edge Se2021	25
OS	Siemens Siemens NX 1984 Firmware - Siemens NX 1988 Firmware -	2
Hardware	Siemens Siemens NX 1984 - Siemens NX 1988 -	2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf
https://www.zerodayinitiative.com/advisories/ZDI-21-1117/
https://www.zerodayinitiative.com/advisories/ZDI-21-1117/