Comos

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-14	CVE-2021-45046	Expression Language Injection vulnerability in multiple products It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. network high complexity apache intel siemens debian sonicwall fedoraproject CWE-917 critical	9.0
2021-12-10	CVE-2021-44228	Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical	10.0
2021-06-17	CVE-2021-32936	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. local low complexity opendesign siemens CWE-787	7.8
2021-06-17	CVE-2021-32938	Out-of-bounds Read vulnerability in multiple products Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. local low complexity opendesign siemens CWE-125	7.1
2021-06-17	CVE-2021-32940	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. local low complexity opendesign siemens CWE-125	7.1
2021-06-17	CVE-2021-32944	Use After Free vulnerability in multiple products A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. network opendesign siemens CWE-416	6.8
2021-06-17	CVE-2021-32948	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. local low complexity opendesign siemens CWE-787	7.8
2021-06-17	CVE-2021-32950	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. network opendesign siemens CWE-125	5.8
2021-06-17	CVE-2021-32952	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. network opendesign siemens CWE-787	6.8
2021-06-17	CVE-2021-32946	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. network opendesign siemens CWE-754	6.8