ID

VAR-202106-1193


CVE

CVE-2021-32946


TITLE

Open Design Alliance  Made  Drawings SDK  Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-001881

DESCRIPTION

An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Open Design Alliance Provided by Drawings SDK is a drafting software development kit. This product contains multiple vulnerabilities listed below. * Out-of-bounds read (CWE-125) - CVE-2021-32938 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32936 It was * Out-of-bounds read (CWE-125) - CVE-2021-32940 It was * DGN Improper checking of files for abnormal or exceptional conditions (CWE-754) - CVE-2021-32946 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32948 It was * Out-of-bounds read (CWE-125) - CVE-2021-32950 It was * Out-of-bounds writing (CWE-787) - CVE-2021-32952 It was * Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944The expected impact depends on each vulnerability, but it may be affected as follows. It was * crafted by the attacker DWG Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32938 It was * crafted by the attacker DXF Denial of service by opening files via recovery (DoS) state is triggered or code is executed - CVE-2021-32936 It was * crafted by the attacker DWG Denial of service by opening files via recovery (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32940 It was * crafted by the attacker DGN Denial of service by reading the file (DoS) state is triggered or code is executed - CVE-2021-32946 , CVE-2021-32952 It was * crafted by the attacker DWG Denial of service by opening the file (DoS) state is triggered or code is executed - CVE-2021-32948 It was * crafted by the attacker DXF Denial of service by opening the file (DoS) triggering a condition or reading sensitive information from memory - CVE-2021-32950 It was * Crafted by an attacker by an attacker DGN Denial of service by opening the file (DoS) A condition is triggered or arbitrary code is executed - CVE-2021-32944. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DGN files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages. Affected products and versions are as follows: Drawings SDK: Before 2022.4

Trust: 4.23

sources: NVD: CVE-2021-32946 // JVNDB: JVNDB-2021-001881 // ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // ZDI: ZDI-23-130 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392932 // VULMON: CVE-2021-32946

AFFECTED PRODUCTS

vendor:siemensmodel:jt2goscope: - version: -

Trust: 1.4

vendor:siemensmodel:jt2goscope:ltversion:13.2.0.2

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.2.0.2

Trust: 1.0

vendor:opendesignmodel:drawings sdkscope:lteversion:2022.4

Trust: 1.0

vendor:siemensmodel:comosscope:ltversion:10.4.1

Trust: 1.0

vendor:open design alliancemodel:drawings sdkscope:eqversion:2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944

Trust: 0.8

vendor:open design alliancemodel:drawings sdkscope:eqversion:2022.5 all previous s - cve-2021-32946 , cve-2021-32952

Trust: 0.8

vendor:open design alliancemodel:drawings sdkscope:eqversion: -

Trust: 0.8

vendor:open design alliance odamodel:drawing sdkscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // ZDI: ZDI-23-130 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32946

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-32946
value: HIGH

Trust: 2.1

nvd@nist.gov: CVE-2021-32946
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001881
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-687
value: HIGH

Trust: 0.6

VULHUB: VHN-392932
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32946
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32946
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-392932
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2021-32946
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 2.1

nvd@nist.gov: CVE-2021-32946
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001881
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // ZDI: ZDI-23-130 // VULHUB: VHN-392932 // VULMON: CVE-2021-32946 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-687 // NVD: CVE-2021-32946

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [IPA evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA evaluation ]

Trust: 0.8

problemtype: Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA evaluation ]

Trust: 0.8

sources: VULHUB: VHN-392932 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32946

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-687

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: - url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf

Trust: 1.4

title:Open Design Alliance ( Login required ) Open Design Allianceurl:https://docs.opendesign.com/td/frames.html?frmname=topic&frmfile=MovingToNewVersion.html

Trust: 0.8

title: - url:https://www.opendesign.com/security-advisories

Trust: 0.7

title:Open Design Alliance Drawings SDK Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154864

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=e0bde73e6fac136c31fc4dfabb276eae

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dce38d2a1ec28e091a143e851596b2e8

Trust: 0.1

sources: ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // ZDI: ZDI-23-130 // VULMON: CVE-2021-32946 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-687

EXTERNAL IDS

db:NVDid:CVE-2021-32946

Trust: 5.5

db:ICS CERTid:ICSA-21-159-02

Trust: 2.6

db:ZDIid:ZDI-21-985

Trust: 2.5

db:ZDIid:ZDI-21-983

Trust: 2.5

db:SIEMENSid:SSA-155599

Trust: 1.8

db:SIEMENSid:SSA-938030

Trust: 1.8

db:ZDIid:ZDI-23-130

Trust: 0.8

db:JVNid:JVNVU97514209

Trust: 0.8

db:JVNid:JVNVU95145431

Trust: 0.8

db:ICS CERTid:ICSA-23-047-01

Trust: 0.8

db:JVNDBid:JVNDB-2021-001881

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-13411

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-13409

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-19148

Trust: 0.7

db:ICS CERTid:ICSA-22-069-06

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021060908

Trust: 0.6

db:CS-HELPid:SB2021081107

Trust: 0.6

db:CS-HELPid:SB2022031102

Trust: 0.6

db:AUSCERTid:ESB-2021.2046

Trust: 0.6

db:AUSCERTid:ESB-2022.1047

Trust: 0.6

db:AUSCERTid:ESB-2021.2702

Trust: 0.6

db:ICS CERTid:ICSA-21-222-03

Trust: 0.6

db:CNNVDid:CNNVD-202106-687

Trust: 0.6

db:VULHUBid:VHN-392932

Trust: 0.1

db:VULMONid:CVE-2021-32946

Trust: 0.1

sources: ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // ZDI: ZDI-23-130 // VULHUB: VHN-392932 // VULMON: CVE-2021-32946 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-687 // NVD: CVE-2021-32946

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02

Trust: 2.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-985/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf

Trust: 1.8

url:https://www.zerodayinitiative.com/advisories/zdi-21-983/

Trust: 1.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-32946

Trust: 1.4

url:http://jvn.jp/cert/jvnvu95145431

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97514209/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32936

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32938

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32940

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32944

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32950

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32952

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01

Trust: 0.8

url:https://www.opendesign.com/security-advisories

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1047

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-03

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081107

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2046

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2702

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060908

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031102

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/754.html

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-938030.txt

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-23-130/

Trust: 0.1

sources: ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // ZDI: ZDI-23-130 // VULHUB: VHN-392932 // VULMON: CVE-2021-32946 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-687 // NVD: CVE-2021-32946

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 2.0

sources: ZDI: ZDI-21-985 // ZDI: ZDI-21-983 // CNNVD: CNNVD-202106-687

SOURCES

db:ZDIid:ZDI-21-985
db:ZDIid:ZDI-21-983
db:ZDIid:ZDI-23-130
db:VULHUBid:VHN-392932
db:VULMONid:CVE-2021-32946
db:JVNDBid:JVNDB-2021-001881
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-687
db:NVDid:CVE-2021-32946

LAST UPDATE DATE

2024-08-14T12:54:05.432000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-985date:2021-08-18T00:00:00
db:ZDIid:ZDI-21-983date:2021-08-18T00:00:00
db:ZDIid:ZDI-23-130date:2023-02-09T00:00:00
db:VULHUBid:VHN-392932date:2022-04-15T00:00:00
db:VULMONid:CVE-2021-32946date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2021-001881date:2023-02-17T05:48:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-687date:2022-03-14T00:00:00
db:NVDid:CVE-2021-32946date:2022-04-15T15:39:18.653

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-985date:2021-08-18T00:00:00
db:ZDIid:ZDI-21-983date:2021-08-18T00:00:00
db:ZDIid:ZDI-23-130date:2023-02-09T00:00:00
db:VULHUBid:VHN-392932date:2021-06-17T00:00:00
db:VULMONid:CVE-2021-32946date:2021-06-17T00:00:00
db:JVNDBid:JVNDB-2021-001881date:2021-06-11T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-687date:2021-06-09T00:00:00
db:NVDid:CVE-2021-32946date:2021-06-17T12:15:08.023