ID

VAR-202105-0693


CVE

CVE-2021-27396


TITLE

Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-568

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack-based buffer overflow, a different vulnerability than CVE-2021-27398. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13279). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.16

sources: NVD: CVE-2021-27396 // ZDI: ZDI-21-568 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-27396

AFFECTED PRODUCTS

vendor: siemens, model: tecnomatix plant simulation, scope: lt, version: 16.0.5

Trust: 1.0

vendor: siemens, model: tecnomatix plant simulation, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-21-568 // NVD: CVE-2021-27396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27396
value: HIGH

Trust: 1.0

ZDI: CVE-2021-27396
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-634
value: HIGH

Trust: 0.6

VULMON: CVE-2021-27396
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-27396
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-27396
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-27396
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-568 // VULMON: CVE-2021-27396 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-634 // NVD: CVE-2021-27396

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2021-27396

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-634

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-634

PATCH

title: -, url: https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08 https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf

Trust: 0.7

title: Siemens Tecnomatix Plant Simulation Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150062

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=07762e4ee064e79fff01009b67f62a17

Trust: 0.1

sources: ZDI: ZDI-21-568 // VULMON: CVE-2021-27396 // CNNVD: CNNVD-202105-634

EXTERNAL IDS

db: NVD, id: CVE-2021-27396

Trust: 2.4

db: ZDI, id: ZDI-21-568

Trust: 2.4

db: SIEMENS, id: SSA-983548

Trust: 1.7

db: ZDI_CAN, id: ZDI-CAN-13279

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1600

Trust: 0.6

db: ICS CERT, id: ICSA-21-131-08

Trust: 0.6

db: CS-HELP, id: SB2021051207

Trust: 0.6

db: CNNVD, id: CNNVD-202105-634

Trust: 0.6

db: VULMON, id: CVE-2021-27396

Trust: 0.1

sources: ZDI: ZDI-21-568 // VULMON: CVE-2021-27396 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-634 // NVD: CVE-2021-27396

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-568/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08 https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1600

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051207

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-983548.txt

Trust: 0.1

sources: ZDI: ZDI-21-568 // VULMON: CVE-2021-27396 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-634 // NVD: CVE-2021-27396

CREDITS

Francis Provencher {PRL}

Trust: 0.7

sources: ZDI: ZDI-21-568

SOURCES

db: ZDI, id: ZDI-21-568
db: VULMON, id: CVE-2021-27396
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-634
db: NVD, id: CVE-2021-27396

LAST UPDATE DATE

2024-08-14T12:51:41.988000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-568, date: 2021-05-13T00:00:00
db: VULMON, id: CVE-2021-27396, date: 2021-05-19T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-634, date: 2021-05-20T00:00:00
db: NVD, id: CVE-2021-27396, date: 2021-05-19T20:30:00.880

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-568, date: 2021-05-13T00:00:00
db: VULMON, id: CVE-2021-27396, date: 2021-05-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-634, date: 2021-05-11T00:00:00
db: NVD, id: CVE-2021-27396, date: 2021-05-12T14:15:11.810