ID

VAR-202105-0695


CVE

CVE-2021-27398


TITLE

Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-570

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack-based buffer overflow, a different vulnerability than CVE-2021-27396. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13290). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.16

sources: NVD: CVE-2021-27398 // ZDI: ZDI-21-570 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-27398

AFFECTED PRODUCTS

vendor:siemens | model:tecnomatix plant simulation | scope:lt | version:16.0.5

Trust: 1.0

vendor:siemens | model:tecnomatix plant simulation | scope: - | version: -

Trust: 0.7

sources: ZDI: ZDI-21-570 // NVD: CVE-2021-27398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27398
value: HIGH

Trust: 1.0

ZDI: CVE-2021-27398
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-637
value: HIGH

Trust: 0.6

VULMON: CVE-2021-27398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-27398
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-27398
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-27398
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-570 // VULMON: CVE-2021-27398 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-637 // NVD: CVE-2021-27398

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2021-27398

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-637

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-637

PATCH

title: - | url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08 https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf

Trust: 0.7

title:siemens Tecnomatix RobotExpert Security vulnerabilities | url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150065

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisory | url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=07762e4ee064e79fff01009b67f62a17

Trust: 0.1

sources: ZDI: ZDI-21-570 // VULMON: CVE-2021-27398 // CNNVD: CNNVD-202105-637

EXTERNAL IDS

db:NVD | id:CVE-2021-27398

Trust: 2.4

db:ZDI | id:ZDI-21-570

Trust: 2.4

db:SIEMENS | id:SSA-983548

Trust: 1.7

db:ZDI_CAN | id:ZDI-CAN-13290

Trust: 0.7

db:CS-HELP | id:SB2021041363

Trust: 0.6

db:CNNVD | id:CNNVD-202104-975

Trust: 0.6

db:AUSCERT | id:ESB-2021.1600

Trust: 0.6

db:ICS CERT | id:ICSA-21-131-08

Trust: 0.6

db:CS-HELP | id:SB2021051207

Trust: 0.6

db:CNNVD | id:CNNVD-202105-637

Trust: 0.6

db:VULMON | id:CVE-2021-27398

Trust: 0.1

sources: ZDI: ZDI-21-570 // VULMON: CVE-2021-27398 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-637 // NVD: CVE-2021-27398

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-570/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08 https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-131-08

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1600

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051207

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-983548.txt

Trust: 0.1

sources: ZDI: ZDI-21-570 // VULMON: CVE-2021-27398 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-637 // NVD: CVE-2021-27398

CREDITS

Francis Provencher {PRL}

Trust: 0.7

sources: ZDI: ZDI-21-570

SOURCES

db:ZDI | id:ZDI-21-570
db:VULMON | id:CVE-2021-27398
db:CNNVD | id:CNNVD-202104-975
db:CNNVD | id:CNNVD-202105-637
db:NVD | id:CVE-2021-27398

LAST UPDATE DATE

2024-08-14T13:17:27.737000+00:00


SOURCES UPDATE DATE

db:ZDI | id:ZDI-21-570 | date:2021-05-13T00:00:00
db:VULMON | id:CVE-2021-27398 | date:2021-05-19T00:00:00
db:CNNVD | id:CNNVD-202104-975 | date:2021-04-14T00:00:00
db:CNNVD | id:CNNVD-202105-637 | date:2021-05-20T00:00:00
db:NVD | id:CVE-2021-27398 | date:2021-05-19T20:23:00.047

SOURCES RELEASE DATE

db:ZDI | id:ZDI-21-570 | date:2021-05-13T00:00:00
db:VULMON | id:CVE-2021-27398 | date:2021-05-12T00:00:00
db:CNNVD | id:CNNVD-202104-975 | date:2021-04-13T00:00:00
db:CNNVD | id:CNNVD-202105-637 | date:2021-05-11T00:00:00
db:NVD | id:CVE-2021-27398 | date:2021-05-12T14:15:11.897