ID

VAR-202106-1190


CVE

CVE-2021-32940


TITLE

Multiple vulnerabilities in Open Design Alliance Drawings SDK

Trust: 0.8

sources: JVNDB: JVNDB-2021-001881

DESCRIPTION

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. Drawings SDK, provided by Open Design Alliance, is a drafting software development kit. This product contains multiple vulnerabilities listed below.

* Out-of-bounds read (CWE-125) - CVE-2021-32938
* Out-of-bounds write (CWE-787) - CVE-2021-32936
* Out-of-bounds read (CWE-125) - CVE-2021-32940
* Improper check of DGN files for unusual or exceptional conditions (CWE-754) - CVE-2021-32946
* Out-of-bounds write (CWE-787) - CVE-2021-32948
* Out-of-bounds read (CWE-125) - CVE-2021-32950
* Out-of-bounds write (CWE-787) - CVE-2021-32952
* Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944

The expected impact depends on each vulnerability, but may be as follows.

* Opening a DWG file crafted by the attacker triggers a denial-of-service (DoS) condition or reads sensitive information from memory - CVE-2021-32938
* Opening a DXF file crafted by the attacker via recovery triggers a denial-of-service (DoS) condition or executes code - CVE-2021-32936
* Opening a DWG file crafted by the attacker via recovery triggers a denial-of-service (DoS) condition or reads sensitive information from memory - CVE-2021-32940
* Reading a DGN file crafted by the attacker triggers a denial-of-service (DoS) condition or executes code - CVE-2021-32946, CVE-2021-32952
* Opening a DWG file crafted by the attacker triggers a denial-of-service (DoS) condition or executes code - CVE-2021-32948
* Opening a DXF file crafted by the attacker triggers a denial-of-service (DoS) condition or reads sensitive information from memory - CVE-2021-32950
* Opening a DGN file crafted by the attacker triggers a denial-of-service (DoS) condition or executes arbitrary code - CVE-2021-32944

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages.

A buffer error vulnerability exists in the Drawings SDK, which originates from a boundary condition in the recovery process of DWG files. Affected products and versions are as follows: Drawings SDK: Before 2022.4

Trust: 4.23

sources: NVD: CVE-2021-32940 // JVNDB: JVNDB-2021-001881 // ZDI: ZDI-21-986 // ZDI: ZDI-23-134 // ZDI: ZDI-23-120 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392926 // VULMON: CVE-2021-32940

AFFECTED PRODUCTS

vendor: open design alliance oda // model: drawing sdk // scope: - // version: -

Trust: 1.4

vendor: siemens // model: teamcenter visualization // scope: lt // version: 13.2.0.1

Trust: 1.0

vendor: opendesign // model: drawings sdk // scope: lt // version: 2022.5

Trust: 1.0

vendor: siemens // model: jt2go // scope: lt // version: 13.2.0.1

Trust: 1.0

vendor: siemens // model: comos // scope: lt // version: 10.4.1

Trust: 1.0

vendor: open design alliance // model: drawings sdk // scope: eq // version: 2022.4 all previous s - cve-2021-32938, cve-2021-32936, cve-2021-32940, cve-2021-32948, cve-2021-32950, cve-2021-32944

Trust: 0.8

vendor: open design alliance // model: drawings sdk // scope: eq // version: 2022.5 all previous s - cve-2021-32946, cve-2021-32952

Trust: 0.8

vendor: open design alliance // model: drawings sdk // scope: eq // version: -

Trust: 0.8

vendor: siemens // model: jt2go // scope: - // version: -

Trust: 0.7

sources: ZDI: ZDI-21-986 // ZDI: ZDI-23-134 // ZDI: ZDI-23-120 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32940

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-32940
value: LOW

Trust: 1.4

nvd@nist.gov: CVE-2021-32940
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001881
value: MEDIUM

Trust: 0.8

ZDI: CVE-2021-32940
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202106-681
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-392926
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32940
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32940
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-392926
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2021-32940
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2021-32940
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001881
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-32940
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-986 // ZDI: ZDI-23-134 // ZDI: ZDI-23-120 // VULHUB: VHN-392926 // VULMON: CVE-2021-32940 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-681 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32940

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [IPA evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA evaluation ]

Trust: 0.8

problemtype: Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA evaluation ]

Trust: 0.8

sources: VULHUB: VHN-392926 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32940

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-681

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202106-681

PATCH

title: - // url: https://www.opendesign.com/security-advisories

Trust: 1.4

title: Open Design Alliance (Login required) Open Design Alliance // url: https://docs.opendesign.com/td/frames.html?frmname=topic&frmfile=MovingToNewVersion.html

Trust: 0.8

title: - // url: https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.7

title: Open Design Alliance Drawings SDK Buffer error vulnerability fix // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=154859

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory // url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dce38d2a1ec28e091a143e851596b2e8

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory // url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b2237aa5ac819041f827cc4fd4128631

Trust: 0.1

sources: ZDI: ZDI-21-986 // ZDI: ZDI-23-134 // ZDI: ZDI-23-120 // VULMON: CVE-2021-32940 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-681

EXTERNAL IDS

db: NVD // id: CVE-2021-32940

Trust: 5.5

db: ICS CERT // id: ICSA-21-159-02

Trust: 2.6

db: ZDI // id: ZDI-21-986

Trust: 2.5

db: SIEMENS // id: SSA-155599

Trust: 1.8

db: SIEMENS // id: SSA-365397

Trust: 1.8

db: ZDI // id: ZDI-23-120

Trust: 0.8

db: JVN // id: JVNVU97514209

Trust: 0.8

db: JVN // id: JVNVU95145431

Trust: 0.8

db: ICS CERT // id: ICSA-23-047-01

Trust: 0.8

db: JVNDB // id: JVNDB-2021-001881

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-13412

Trust: 0.7

db: ZDI_CAN // id: ZDI-CAN-19154

Trust: 0.7

db: ZDI // id: ZDI-23-134

Trust: 0.7

db: ZDI_CAN // id: ZDI-CAN-19134

Trust: 0.7

db: ICS CERT // id: ICSA-22-069-06

Trust: 0.7

db: CS-HELP // id: SB2021081108

Trust: 0.6

db: CS-HELP // id: SB2022031102

Trust: 0.6

db: CS-HELP // id: SB2021060909

Trust: 0.6

db: ICS CERT // id: ICSA-21-222-01

Trust: 0.6

db: AUSCERT // id: ESB-2021.2046

Trust: 0.6

db: AUSCERT // id: ESB-2021.2700

Trust: 0.6

db: AUSCERT // id: ESB-2022.1047

Trust: 0.6

db: CNNVD // id: CNNVD-202106-681

Trust: 0.6

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: VULHUB // id: VHN-392926

Trust: 0.1

db: VULMON // id: CVE-2021-32940

Trust: 0.1

sources: ZDI: ZDI-21-986 // ZDI: ZDI-23-134 // ZDI: ZDI-23-120 // VULHUB: VHN-392926 // VULMON: CVE-2021-32940 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-681 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32940

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02

Trust: 2.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-986/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.8

url:https://www.opendesign.com/security-advisories

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-32940

Trust: 1.4

url:http://jvn.jp/cert/jvnvu95145431

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97514209/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32936

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32938

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32944

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32946

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32950

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32952

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.7

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1047

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2046

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2700

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060909

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031102

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-23-120/

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06

Trust: 0.1

sources: ZDI: ZDI-21-986 // ZDI: ZDI-23-134 // ZDI: ZDI-23-120 // VULHUB: VHN-392926 // VULMON: CVE-2021-32940 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-681 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32940

CREDITS

Mat Powell & Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative

Trust: 1.4

sources: ZDI: ZDI-23-134 // ZDI: ZDI-23-120

SOURCES

db: ZDI // id: ZDI-21-986
db: ZDI // id: ZDI-23-134
db: ZDI // id: ZDI-23-120
db: VULHUB // id: VHN-392926
db: VULMON // id: CVE-2021-32940
db: JVNDB // id: JVNDB-2021-001881
db: CNNVD // id: CNNVD-202106-681
db: CNNVD // id: CNNVD-202104-975
db: NVD // id: CVE-2021-32940

LAST UPDATE DATE

2024-08-14T12:13:59.123000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-21-986 // date: 2021-08-18T00:00:00
db: ZDI // id: ZDI-23-134 // date: 2023-02-09T00:00:00
db: ZDI // id: ZDI-23-120 // date: 2023-02-09T00:00:00
db: VULHUB // id: VHN-392926 // date: 2023-01-13T00:00:00
db: VULMON // id: CVE-2021-32940 // date: 2023-03-28T00:00:00
db: JVNDB // id: JVNDB-2021-001881 // date: 2023-02-17T05:48:00
db: CNNVD // id: CNNVD-202106-681 // date: 2023-01-16T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: NVD // id: CVE-2021-32940 // date: 2023-03-28T17:12:49.597

SOURCES RELEASE DATE

db: ZDI // id: ZDI-21-986 // date: 2021-08-18T00:00:00
db: ZDI // id: ZDI-23-134 // date: 2023-02-09T00:00:00
db: ZDI // id: ZDI-23-120 // date: 2023-02-09T00:00:00
db: VULHUB // id: VHN-392926 // date: 2021-06-17T00:00:00
db: VULMON // id: CVE-2021-32940 // date: 2021-06-17T00:00:00
db: JVNDB // id: JVNDB-2021-001881 // date: 2021-06-11T00:00:00
db: CNNVD // id: CNNVD-202106-681 // date: 2021-06-09T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: NVD // id: CVE-2021-32940 // date: 2021-06-17T13:15:07.923