ID

VAR-202103-0230


CVE

CVE-2020-28387


TITLE

Solid Edge  In  XML  External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-016316

DESCRIPTION

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923). Zero Day Initiative To this vulnerability ZDI-CAN-11923 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SEECTCXML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process

Trust: 2.25

sources: NVD: CVE-2020-28387 // JVNDB: JVNDB-2020-016316 // ZDI: ZDI-21-266

AFFECTED PRODUCTS

vendor:siemensmodel:solid edgescope:eqversion:se2021

Trust: 1.0

vendor:siemensmodel:solid edgescope:ltversion:se2021

Trust: 1.0

vendor:シーメンスmodel:solid edgescope:eqversion:se2021mp3

Trust: 0.8

vendor:シーメンスmodel:solid edgescope:eqversion:se2020mp13

Trust: 0.8

vendor:シーメンスmodel:solid edgescope:eqversion: -

Trust: 0.8

vendor:siemensmodel:solid edge viewerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-266 // JVNDB: JVNDB-2020-016316 // NVD: CVE-2020-28387

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-28387
value: MEDIUM

Trust: 1.8

ZDI: CVE-2020-28387
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202103-696
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-28387
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2020-28387
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-28387
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-28387
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-266 // JVNDB: JVNDB-2020-016316 // CNNVD: CNNVD-202103-696 // NVD: CVE-2020-28387

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.0

problemtype:XML Improper restrictions on external entity references (CWE-611) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016316 // NVD: CVE-2020-28387

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-696

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-696

CONFIGURATIONS

sources: NVD: CVE-2020-28387

PATCH

title:SSA-715184url:https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf

Trust: 0.8

title:Siemens has issued an update to correct this vulnerability.url:https://us-cert.cisa.gov/ics/advisories/icsa-21-068-09

Trust: 0.7

title:Siemens Solid Edge Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144058

Trust: 0.6

sources: ZDI: ZDI-21-266 // JVNDB: JVNDB-2020-016316 // CNNVD: CNNVD-202103-696

EXTERNAL IDS

db:NVDid:CVE-2020-28387

Trust: 3.1

db:SIEMENSid:SSA-715184

Trust: 1.6

db:ZDIid:ZDI-21-266

Trust: 1.3

db:JVNid:JVNVU93441670

Trust: 0.8

db:JVNDBid:JVNDB-2020-016316

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11923

Trust: 0.7

db:ICS CERTid:ICSA-21-068-09

Trust: 0.6

db:AUSCERTid:ESB-2021.0854

Trust: 0.6

db:CNNVDid:CNNVD-202103-696

Trust: 0.6

sources: ZDI: ZDI-21-266 // JVNDB: JVNDB-2020-016316 // CNNVD: CNNVD-202103-696 // NVD: CVE-2020-28387

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-28387

Trust: 1.4

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-068-09

Trust: 1.3

url:https://jvn.jp/vu/jvnvu93441670/

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-266/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0854

Trust: 0.6

sources: ZDI: ZDI-21-266 // JVNDB: JVNDB-2020-016316 // CNNVD: CNNVD-202103-696 // NVD: CVE-2020-28387

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-21-266

SOURCES

db:ZDIid:ZDI-21-266
db:JVNDBid:JVNDB-2020-016316
db:CNNVDid:CNNVD-202103-696
db:NVDid:CVE-2020-28387

LAST UPDATE DATE

2022-05-04T08:13:28.253000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-266date:2021-03-11T00:00:00
db:JVNDBid:JVNDB-2020-016316date:2021-11-22T09:06:00
db:CNNVDid:CNNVD-202103-696date:2021-03-19T00:00:00
db:NVDid:CVE-2020-28387date:2021-07-15T18:00:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-266date:2021-03-11T00:00:00
db:JVNDBid:JVNDB-2020-016316date:2021-11-22T00:00:00
db:CNNVDid:CNNVD-202103-696date:2021-03-09T00:00:00
db:NVDid:CVE-2020-28387date:2021-03-15T17:15:00