ID

VAR-202106-1189


CVE

CVE-2021-32938


TITLE

Multiple vulnerabilities in Open Design Alliance Drawings SDK

Trust: 0.8

sources: JVNDB: JVNDB-2021-001881

DESCRIPTION

Drawings SDK (all versions prior to 2022.4) is vulnerable to an out-of-bounds read when parsing DWG files, caused by the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory.

Drawings SDK, provided by Open Design Alliance, is a drafting software development kit. This product contains the multiple vulnerabilities listed below.

* Out-of-bounds read (CWE-125) - CVE-2021-32938
* Out-of-bounds write (CWE-787) - CVE-2021-32936
* Out-of-bounds read (CWE-125) - CVE-2021-32940
* Improper check for unusual or exceptional conditions in DGN files (CWE-754) - CVE-2021-32946
* Out-of-bounds write (CWE-787) - CVE-2021-32948
* Out-of-bounds read (CWE-125) - CVE-2021-32950
* Out-of-bounds write (CWE-787) - CVE-2021-32952
* Use after free (CWE-416) - CVE-2021-32944

The expected impact depends on each vulnerability, but may include the following.

* Opening a DWG file crafted by an attacker triggers a denial-of-service (DoS) condition or allows sensitive information to be read from memory - CVE-2021-32938
* Opening a DXF file crafted by an attacker via recovery triggers a DoS condition or code execution - CVE-2021-32936
* Opening a DWG file crafted by an attacker via recovery triggers a DoS condition or allows sensitive information to be read from memory - CVE-2021-32940
* Reading a DGN file crafted by an attacker triggers a DoS condition or code execution - CVE-2021-32946, CVE-2021-32952
* Opening a DWG file crafted by an attacker triggers a DoS condition or code execution - CVE-2021-32948
* Opening a DXF file crafted by an attacker triggers a DoS condition or allows sensitive information to be read from memory - CVE-2021-32950
* Opening a DGN file crafted by an attacker triggers a DoS condition or arbitrary code execution - CVE-2021-32944

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

The development kit accesses the data in .dwg and .dgn files through a convenient, object-oriented API, and provides functions such as a C++ API, support for repairing files, and support for .NET, Java, and Python development languages.

A buffer error vulnerability exists in the Drawings SDK that arises from a boundary condition. Affected products and versions are as follows: Drawings SDK: before 2022.4

Trust: 4.86

sources: NVD: CVE-2021-32938 // JVNDB: JVNDB-2021-001881 // ZDI: ZDI-21-980 // ZDI: ZDI-23-135 // ZDI: ZDI-23-129 // ZDI: ZDI-23-207 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392924 // VULMON: CVE-2021-32938

AFFECTED PRODUCTS

vendor:open design alliance oda
model:drawing sdk
scope: -
version: -

Trust: 1.4

vendor:siemens
model:teamcenter visualization
scope:lt
version:13.2.0.1

Trust: 1.0

vendor:opendesign
model:drawings sdk
scope:lt
version:2022.4

Trust: 1.0

vendor:siemens
model:jt2go
scope:lt
version:13.2.0.1

Trust: 1.0

vendor:siemens
model:comos
scope:lt
version:10.4.1

Trust: 1.0

vendor:open design alliance
model:drawings sdk
scope:eq
version:2022.4 all previous s - cve-2021-32938, cve-2021-32936, cve-2021-32940, cve-2021-32948, cve-2021-32950, cve-2021-32944

Trust: 0.8

vendor:open design alliance
model:drawings sdk
scope:eq
version:2022.5 all previous s - cve-2021-32946, cve-2021-32952

Trust: 0.8

vendor:open design alliance
model:drawings sdk
scope:eq
version: -

Trust: 0.8

vendor:siemens
model:jt2go
scope: -
version: -

Trust: 0.7

vendor:siemens
model:solid edge viewer
scope: -
version: -

Trust: 0.7

sources: ZDI: ZDI-21-980 // ZDI: ZDI-23-135 // ZDI: ZDI-23-129 // ZDI: ZDI-23-207 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32938

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-32938
value: LOW

Trust: 1.4

ZDI: CVE-2021-32938
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2021-32938
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001881
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-686
value: HIGH

Trust: 0.6

VULHUB: VHN-392924
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32938
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32938
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-392924
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2021-32938
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.4

ZDI: CVE-2021-32938
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2021-32938
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001881
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-21-980 // ZDI: ZDI-23-135 // ZDI: ZDI-23-129 // ZDI: ZDI-23-207 // VULHUB: VHN-392924 // VULMON: CVE-2021-32938 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-686 // NVD: CVE-2021-32938

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [IPA evaluation]

Trust: 0.8

problemtype:Use of freed memory (CWE-416) [IPA evaluation]

Trust: 0.8

problemtype:Improper checking in exceptional conditions (CWE-754) [IPA evaluation]

Trust: 0.8

problemtype:Out-of-bounds write (CWE-787) [IPA evaluation]

Trust: 0.8

sources: VULHUB: VHN-392924 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32938

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-686

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: -
url:https://www.opendesign.com/security-advisories

Trust: 1.4

title:Open Design Alliance (Login required) Open Design Alliance
url:https://docs.opendesign.com/td/frames.html?frmname=topic&frmfile=MovingToNewVersion.html

Trust: 0.8

title: -
url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 // https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.7

title:Siemens has issued an update to correct this vulnerability.
url:https://cert-portal.siemens.com/productcert/html/ssa-491245.html

Trust: 0.7

title:Open Design Alliance Drawings SDK Buffer error vulnerability fix
url:http://123.124.177.30/web/xxk/bdxqById.tag?id=154863

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisory
url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dce38d2a1ec28e091a143e851596b2e8

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisory
url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b2237aa5ac819041f827cc4fd4128631

Trust: 0.1

sources: ZDI: ZDI-21-980 // ZDI: ZDI-23-135 // ZDI: ZDI-23-129 // ZDI: ZDI-23-207 // VULMON: CVE-2021-32938 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-686

EXTERNAL IDS

db:NVD id:CVE-2021-32938

Trust: 6.2

db:ICS CERT id:ICSA-21-159-02

Trust: 2.6

db:ZDI id:ZDI-21-980

Trust: 2.5

db:SIEMENS id:SSA-155599

Trust: 1.8

db:SIEMENS id:SSA-491245

Trust: 1.8

db:SIEMENS id:SSA-365397

Trust: 1.8

db:JVN id:JVNVU97514209

Trust: 0.8

db:JVN id:JVNVU95145431

Trust: 0.8

db:ICS CERT id:ICSA-23-047-01

Trust: 0.8

db:JVNDB id:JVNDB-2021-001881

Trust: 0.8

db:ZDI_CAN id:ZDI-CAN-13378

Trust: 0.7

db:ZDI_CAN id:ZDI-CAN-19161

Trust: 0.7

db:ZDI id:ZDI-23-135

Trust: 0.7

db:ZDI_CAN id:ZDI-CAN-19146

Trust: 0.7

db:ZDI id:ZDI-23-129

Trust: 0.7

db:ZDI_CAN id:ZDI-CAN-19073

Trust: 0.7

db:ZDI id:ZDI-23-207

Trust: 0.7

db:ICS CERT id:ICSA-22-069-06

Trust: 0.7

db:CS-HELP id:SB2021041363

Trust: 0.6

db:CNNVD id:CNNVD-202104-975

Trust: 0.6

db:AUSCERT id:ESB-2023.0960

Trust: 0.6

db:AUSCERT id:ESB-2021.2700

Trust: 0.6

db:AUSCERT id:ESB-2022.1047

Trust: 0.6

db:AUSCERT id:ESB-2021.2046

Trust: 0.6

db:CS-HELP id:SB2022031102

Trust: 0.6

db:CS-HELP id:SB2021081108

Trust: 0.6

db:CS-HELP id:SB2021060909

Trust: 0.6

db:ICS CERT id:ICSA-21-222-01

Trust: 0.6

db:CNNVD id:CNNVD-202106-686

Trust: 0.6

db:VULHUB id:VHN-392924

Trust: 0.1

db:VULMON id:CVE-2021-32938

Trust: 0.1

sources: ZDI: ZDI-21-980 // ZDI: ZDI-23-135 // ZDI: ZDI-23-129 // ZDI: ZDI-23-207 // VULHUB: VHN-392924 // VULMON: CVE-2021-32938 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-686 // NVD: CVE-2021-32938

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02

Trust: 2.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-980/

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf

Trust: 1.8

url:https://www.opendesign.com/security-advisories

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-32938

Trust: 1.4

url:http://jvn.jp/cert/jvnvu95145431

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97514209/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32936

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32940

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32944

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32946

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32950

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32952

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 // https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.7

url:https://cert-portal.siemens.com/productcert/html/ssa-491245.html

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1047

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2046

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0960

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2700

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060909

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031102

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-155599.txt

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06

Trust: 0.1

sources: ZDI: ZDI-21-980 // ZDI: ZDI-23-135 // ZDI: ZDI-23-129 // ZDI: ZDI-23-207 // VULHUB: VHN-392924 // VULMON: CVE-2021-32938 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-686 // NVD: CVE-2021-32938

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 2.0

sources: ZDI: ZDI-21-980 // ZDI: ZDI-23-207 // CNNVD: CNNVD-202106-686

SOURCES

db:ZDI id:ZDI-21-980
db:ZDI id:ZDI-23-135
db:ZDI id:ZDI-23-129
db:ZDI id:ZDI-23-207
db:VULHUB id:VHN-392924
db:VULMON id:CVE-2021-32938
db:JVNDB id:JVNDB-2021-001881
db:CNNVD id:CNNVD-202104-975
db:CNNVD id:CNNVD-202106-686
db:NVD id:CVE-2021-32938

LAST UPDATE DATE

2024-08-14T12:49:08.011000+00:00


SOURCES UPDATE DATE

db:ZDI id:ZDI-21-980 date:2021-08-18T00:00:00
db:ZDI id:ZDI-23-135 date:2023-02-09T00:00:00
db:ZDI id:ZDI-23-129 date:2023-02-09T00:00:00
db:ZDI id:ZDI-23-207 date:2023-03-01T00:00:00
db:VULHUB id:VHN-392924 date:2023-02-14T00:00:00
db:VULMON id:CVE-2021-32938 date:2023-02-14T00:00:00
db:JVNDB id:JVNDB-2021-001881 date:2023-02-17T05:48:00
db:CNNVD id:CNNVD-202104-975 date:2021-04-14T00:00:00
db:CNNVD id:CNNVD-202106-686 date:2023-02-17T00:00:00
db:NVD id:CVE-2021-32938 date:2023-02-14T12:15:11.073

SOURCES RELEASE DATE

db:ZDI id:ZDI-21-980 date:2021-08-18T00:00:00
db:ZDI id:ZDI-23-135 date:2023-02-09T00:00:00
db:ZDI id:ZDI-23-129 date:2023-02-09T00:00:00
db:ZDI id:ZDI-23-207 date:2023-03-01T00:00:00
db:VULHUB id:VHN-392924 date:2021-06-17T00:00:00
db:VULMON id:CVE-2021-32938 date:2021-06-17T00:00:00
db:JVNDB id:JVNDB-2021-001881 date:2021-06-11T00:00:00
db:CNNVD id:CNNVD-202104-975 date:2021-04-13T00:00:00
db:CNNVD id:CNNVD-202106-686 date:2021-06-09T00:00:00
db:NVD id:CVE-2021-32938 date:2021-06-17T13:15:07.837