ID

VAR-202106-1192


CVE

CVE-2021-32944


TITLE

Siemens JT2Go DGN File Parsing Use-After-Free Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-21-990 // ZDI: ZDI-21-987

DESCRIPTION

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (all versions prior to 2022.4), resulting from the lack of proper validation of user-supplied data. This can result in memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

Drawings SDK, provided by Open Design Alliance, is a drafting software development kit. This product contains multiple vulnerabilities listed below.

* Out-of-bounds read (CWE-125) - CVE-2021-32938
* Out-of-bounds write (CWE-787) - CVE-2021-32936
* Out-of-bounds read (CWE-125) - CVE-2021-32940
* Improper check of DGN files for unusual or exceptional conditions (CWE-754) - CVE-2021-32946
* Out-of-bounds write (CWE-787) - CVE-2021-32948
* Out-of-bounds read (CWE-125) - CVE-2021-32950
* Out-of-bounds write (CWE-787) - CVE-2021-32952
* Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944

The expected impact depends on each vulnerability, but may include the following.

* Opening a DWG file crafted by the attacker triggers a denial-of-service (DoS) condition or allows sensitive information to be read from memory - CVE-2021-32938
* Opening a DXF file crafted by the attacker via recovery triggers a DoS condition or executes code - CVE-2021-32936
* Opening a DWG file crafted by the attacker via recovery triggers a DoS condition or allows sensitive information to be read from memory - CVE-2021-32940
* Reading a DGN file crafted by the attacker triggers a DoS condition or executes code - CVE-2021-32946, CVE-2021-32952
* Opening a DWG file crafted by the attacker triggers a DoS condition or executes code - CVE-2021-32948
* Opening a DXF file crafted by the attacker triggers a DoS condition or allows sensitive information to be read from memory - CVE-2021-32950
* Opening a DGN file crafted by the attacker triggers a DoS condition or executes arbitrary code - CVE-2021-32944

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn files through a convenient, object-oriented API, and provides functions such as a C++ API, support for repairing files, and support for the .NET, Java, and Python development languages. There is a resource management error vulnerability in the Drawings SDK, which is caused by a use-after-free error in the process of reading DGN files.

Affected products and versions are as follows: Drawings SDK: before 2022.4

Trust: 4.86

sources: NVD: CVE-2021-32944 // JVNDB: JVNDB-2021-001881 // ZDI: ZDI-21-990 // ZDI: ZDI-21-987 // ZDI: ZDI-23-132 // ZDI: ZDI-23-131 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392930 // VULMON: CVE-2021-32944

AFFECTED PRODUCTS

vendor: siemens | model: jt2go | scope: - | version: -

Trust: 1.4

vendor: open design alliance oda | model: drawing sdk | scope: - | version: -

Trust: 1.4

vendor: siemens | model: teamcenter visualization | scope: lt | version: 13.2.0.1

Trust: 1.0

vendor: opendesign | model: drawings sdk | scope: lt | version: 2022.4

Trust: 1.0

vendor: siemens | model: jt2go | scope: lt | version: 13.2.0.1

Trust: 1.0

vendor: siemens | model: comos | scope: lt | version: 10.4.1

Trust: 1.0

vendor: open design alliance | model: drawings sdk | scope: eq | version: 2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944

Trust: 0.8

vendor: open design alliance | model: drawings sdk | scope: eq | version: 2022.5 all previous s - cve-2021-32946 , cve-2021-32952

Trust: 0.8

vendor: open design alliance | model: drawings sdk | scope: eq | version: -

Trust: 0.8

sources: ZDI: ZDI-21-990 // ZDI: ZDI-21-987 // ZDI: ZDI-23-132 // ZDI: ZDI-23-131 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32944

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-32944
value: HIGH

Trust: 2.8

nvd@nist.gov: CVE-2021-32944
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001881
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-688
value: HIGH

Trust: 0.6

VULHUB: VHN-392930
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32944
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32944
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-392930
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2021-32944
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.8

nvd@nist.gov: CVE-2021-32944
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001881
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-21-990 // ZDI: ZDI-21-987 // ZDI: ZDI-23-132 // ZDI: ZDI-23-131 // VULHUB: VHN-392930 // VULMON: CVE-2021-32944 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-688 // NVD: CVE-2021-32944

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [IPA evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA evaluation ]

Trust: 0.8

problemtype: Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA evaluation ]

Trust: 0.8

sources: VULHUB: VHN-392930 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32944

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-688

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: - | url: https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.4

title: - | url: https://www.opendesign.com/security-advisories

Trust: 1.4

title: Open Design Alliance (Login required) Open Design Alliance | url: https://docs.opendesign.com/td/frames.html?frmname=topic&frmfile=MovingToNewVersion.html

Trust: 0.8

title: Drawings SDK Remediation of resource management error vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153338

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory | url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dce38d2a1ec28e091a143e851596b2e8

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory | url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b2237aa5ac819041f827cc4fd4128631

Trust: 0.1

sources: ZDI: ZDI-21-990 // ZDI: ZDI-21-987 // ZDI: ZDI-23-132 // ZDI: ZDI-23-131 // VULMON: CVE-2021-32944 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-688

EXTERNAL IDS

db: NVD | id: CVE-2021-32944

Trust: 6.2

db: ICS CERT | id: ICSA-21-159-02

Trust: 2.6

db: ZDI | id: ZDI-21-990

Trust: 2.5

db: ZDI | id: ZDI-21-987

Trust: 2.5

db: SIEMENS | id: SSA-155599

Trust: 1.8

db: SIEMENS | id: SSA-365397

Trust: 1.8

db: JVN | id: JVNVU97514209

Trust: 0.8

db: JVN | id: JVNVU95145431

Trust: 0.8

db: ICS CERT | id: ICSA-23-047-01

Trust: 0.8

db: JVNDB | id: JVNDB-2021-001881

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-13468

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-13413

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-19152

Trust: 0.7

db: ZDI | id: ZDI-23-132

Trust: 0.7

db: ZDI_CAN | id: ZDI-CAN-19151

Trust: 0.7

db: ZDI | id: ZDI-23-131

Trust: 0.7

db: ICS CERT | id: ICSA-22-069-06

Trust: 0.7

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: ICS CERT | id: ICSA-21-222-01

Trust: 0.6

db: CS-HELP | id: SB2021060909

Trust: 0.6

db: CS-HELP | id: SB2021081108

Trust: 0.6

db: CS-HELP | id: SB2022031102

Trust: 0.6

db: AUSCERT | id: ESB-2021.2046

Trust: 0.6

db: AUSCERT | id: ESB-2022.1047

Trust: 0.6

db: AUSCERT | id: ESB-2021.2700

Trust: 0.6

db: CNNVD | id: CNNVD-202106-688

Trust: 0.6

db: VULHUB | id: VHN-392930

Trust: 0.1

db: VULMON | id: CVE-2021-32944

Trust: 0.1

sources: ZDI: ZDI-21-990 // ZDI: ZDI-21-987 // ZDI: ZDI-23-132 // ZDI: ZDI-23-131 // VULHUB: VHN-392930 // VULMON: CVE-2021-32944 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-688 // NVD: CVE-2021-32944

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02

Trust: 2.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-990/

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-21-987/

Trust: 1.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.4

url:https://www.opendesign.com/security-advisories

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-32944

Trust: 1.4

url:http://jvn.jp/cert/jvnvu95145431

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97514209/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32936

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32938

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32940

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32946

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32950

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32952

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1047

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2046

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2700

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060909

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031102

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06

Trust: 0.1

sources: ZDI: ZDI-21-990 // ZDI: ZDI-21-987 // ZDI: ZDI-23-132 // ZDI: ZDI-23-131 // VULHUB: VHN-392930 // VULMON: CVE-2021-32944 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-688 // NVD: CVE-2021-32944

CREDITS

Mat Powell & Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative

Trust: 1.4

sources: ZDI: ZDI-23-132 // ZDI: ZDI-23-131

SOURCES

db: ZDI | id: ZDI-21-990
db: ZDI | id: ZDI-21-987
db: ZDI | id: ZDI-23-132
db: ZDI | id: ZDI-23-131
db: VULHUB | id: VHN-392930
db: VULMON | id: CVE-2021-32944
db: JVNDB | id: JVNDB-2021-001881
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202106-688
db: NVD | id: CVE-2021-32944

LAST UPDATE DATE

2024-08-14T12:29:55.197000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-21-990 | date: 2021-08-18T00:00:00
db: ZDI | id: ZDI-21-987 | date: 2021-08-18T00:00:00
db: ZDI | id: ZDI-23-132 | date: 2023-02-09T00:00:00
db: ZDI | id: ZDI-23-131 | date: 2023-02-09T00:00:00
db: VULHUB | id: VHN-392930 | date: 2022-04-15T00:00:00
db: VULMON | id: CVE-2021-32944 | date: 2022-04-15T00:00:00
db: JVNDB | id: JVNDB-2021-001881 | date: 2023-02-17T05:48:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202106-688 | date: 2022-03-14T00:00:00
db: NVD | id: CVE-2021-32944 | date: 2022-04-15T15:36:24.180

SOURCES RELEASE DATE

db: ZDI | id: ZDI-21-990 | date: 2021-08-18T00:00:00
db: ZDI | id: ZDI-21-987 | date: 2021-08-18T00:00:00
db: ZDI | id: ZDI-23-132 | date: 2023-02-09T00:00:00
db: ZDI | id: ZDI-23-131 | date: 2023-02-09T00:00:00
db: VULHUB | id: VHN-392930 | date: 2021-06-17T00:00:00
db: VULMON | id: CVE-2021-32944 | date: 2021-06-17T00:00:00
db: JVNDB | id: JVNDB-2021-001881 | date: 2021-06-11T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202106-688 | date: 2021-06-09T00:00:00
db: NVD | id: CVE-2021-32944 | date: 2021-06-17T13:15:08.083