ID

VAR-202106-1195


CVE

CVE-2021-32950


TITLE

Multiple vulnerabilities in Open Design Alliance Drawings SDK

Trust: 0.8

sources: JVNDB: JVNDB-2021-001881

DESCRIPTION

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.

Drawings SDK, provided by Open Design Alliance, is a drafting software development kit. This product contains the multiple vulnerabilities listed below.

* Out-of-bounds read (CWE-125) - CVE-2021-32938
* Out-of-bounds write (CWE-787) - CVE-2021-32936
* Out-of-bounds read (CWE-125) - CVE-2021-32940
* Improper check for unusual or exceptional conditions in DGN files (CWE-754) - CVE-2021-32946
* Out-of-bounds write (CWE-787) - CVE-2021-32948
* Out-of-bounds read (CWE-125) - CVE-2021-32950
* Out-of-bounds write (CWE-787) - CVE-2021-32952
* Use of freed memory (use-after-free) (CWE-416) - CVE-2021-32944

The expected impact depends on each vulnerability, but may include the following.

* Opening a DWG file crafted by the attacker triggers a denial-of-service (DoS) condition or a read of sensitive information from memory - CVE-2021-32938
* Opening a DXF file crafted by the attacker via recovery triggers a DoS condition or code execution - CVE-2021-32936
* Opening a DWG file crafted by the attacker via recovery triggers a DoS condition or a read of sensitive information from memory - CVE-2021-32940
* Reading a DGN file crafted by the attacker triggers a DoS condition or code execution - CVE-2021-32946, CVE-2021-32952
* Opening a DWG file crafted by the attacker triggers a DoS condition or code execution - CVE-2021-32948
* Opening a DXF file crafted by the attacker triggers a DoS condition or a read of sensitive information from memory - CVE-2021-32950
* Opening a DGN file crafted by the attacker triggers a DoS condition or arbitrary code execution - CVE-2021-32944

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages.

There is a buffer error vulnerability in Drawings SDK, which is caused by boundary conditions when parsing DXF files. Affected products and versions are as follows: Drawings SDK: Before 2022.4

Trust: 3.6

sources: NVD: CVE-2021-32950 // JVNDB: JVNDB-2021-001881 // ZDI: ZDI-21-988 // ZDI: ZDI-23-136 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392936 // VULMON: CVE-2021-32950

AFFECTED PRODUCTS

vendor: siemens, model: teamcenter visualization, scope: lt, version: 13.2.0.1

Trust: 1.0

vendor: opendesign, model: drawings sdk, scope: lt, version: 2022.4

Trust: 1.0

vendor: siemens, model: jt2go, scope: lt, version: 13.2.0.1

Trust: 1.0

vendor: siemens, model: comos, scope: lt, version: 10.4.1

Trust: 1.0

vendor: open design alliance, model: drawings sdk, scope: eq, version: 2022.4 all previous s - cve-2021-32938 , cve-2021-32936 , cve-2021-32940 , cve-2021-32948 , cve-2021-32950 , cve-2021-32944

Trust: 0.8

vendor: open design alliance, model: drawings sdk, scope: eq, version: 2022.5 all previous s - cve-2021-32946 , cve-2021-32952

Trust: 0.8

vendor: open design alliance, model: drawings sdk, scope: eq, version: -

Trust: 0.8

vendor: siemens, model: jt2go, scope: -, version: -

Trust: 0.7

vendor: open design alliance oda, model: drawing sdk, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-21-988 // ZDI: ZDI-23-136 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32950

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-32950
value: LOW

Trust: 1.4

nvd@nist.gov: CVE-2021-32950
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-001881
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-685
value: HIGH

Trust: 0.6

VULHUB: VHN-392936
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32950
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32950
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-392936
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2021-32950
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2021-32950
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001881
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-21-988 // ZDI: ZDI-23-136 // VULHUB: VHN-392936 // VULMON: CVE-2021-32950 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-685 // NVD: CVE-2021-32950

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [IPA evaluation ]

Trust: 0.8

problemtype: Use of freed memory (CWE-416) [IPA evaluation ]

Trust: 0.8

problemtype: Improper checking in exceptional conditions (CWE-754) [IPA evaluation ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [IPA evaluation ]

Trust: 0.8

sources: VULHUB: VHN-392936 // JVNDB: JVNDB-2021-001881 // NVD: CVE-2021-32950

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-685

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Open Design Alliance ( Login required ) Open Design Alliance, url: https://docs.opendesign.com/td/frames.html?frmname=topic&frmfile=MovingToNewVersion.html

Trust: 0.8

title: -, url: https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.7

title: -, url: https://www.opendesign.com/security-advisories

Trust: 0.7

title: Open Design Alliance Drawings SDK Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154862

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=dce38d2a1ec28e091a143e851596b2e8

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b2237aa5ac819041f827cc4fd4128631

Trust: 0.1

sources: ZDI: ZDI-21-988 // ZDI: ZDI-23-136 // VULMON: CVE-2021-32950 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202106-685

EXTERNAL IDS

db: NVD, id: CVE-2021-32950

Trust: 4.8

db: ICS CERT, id: ICSA-21-159-02

Trust: 2.6

db: ZDI, id: ZDI-21-988

Trust: 2.5

db: SIEMENS, id: SSA-155599

Trust: 1.8

db: SIEMENS, id: SSA-365397

Trust: 1.8

db: ZDI, id: ZDI-23-136

Trust: 0.8

db: JVN, id: JVNVU97514209

Trust: 0.8

db: JVN, id: JVNVU95145431

Trust: 0.8

db: ICS CERT, id: ICSA-23-047-01

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001881

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-13415

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-19163

Trust: 0.7

db: ICS CERT, id: ICSA-22-069-06

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: ICS CERT, id: ICSA-21-222-01

Trust: 0.6

db: CS-HELP, id: SB2021060909

Trust: 0.6

db: CS-HELP, id: SB2021081108

Trust: 0.6

db: CS-HELP, id: SB2022031102

Trust: 0.6

db: AUSCERT, id: ESB-2021.2046

Trust: 0.6

db: AUSCERT, id: ESB-2022.1047

Trust: 0.6

db: AUSCERT, id: ESB-2021.2700

Trust: 0.6

db: CNNVD, id: CNNVD-202106-685

Trust: 0.6

db: VULHUB, id: VHN-392936

Trust: 0.1

db: VULMON, id: CVE-2021-32950

Trust: 0.1

sources: ZDI: ZDI-21-988 // ZDI: ZDI-23-136 // VULHUB: VHN-392936 // VULMON: CVE-2021-32950 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-685 // NVD: CVE-2021-32950

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02

Trust: 2.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-988/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32950

Trust: 1.4

url:http://jvn.jp/cert/jvnvu95145431

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97514209/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32936

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32938

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32940

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32944

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32946

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32952

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01 https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf

Trust: 0.7

url:https://www.opendesign.com/security-advisories

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1047

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2046

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2700

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060909

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031102

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.zerodayinitiative.com/advisories/zdi-23-136/

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-06

Trust: 0.1

sources: ZDI: ZDI-21-988 // ZDI: ZDI-23-136 // VULHUB: VHN-392936 // VULMON: CVE-2021-32950 // JVNDB: JVNDB-2021-001881 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-685 // NVD: CVE-2021-32950

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.3

sources: ZDI: ZDI-21-988 // CNNVD: CNNVD-202106-685

SOURCES

db: ZDI, id: ZDI-21-988
db: ZDI, id: ZDI-23-136
db: VULHUB, id: VHN-392936
db: VULMON, id: CVE-2021-32950
db: JVNDB, id: JVNDB-2021-001881
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-685
db: NVD, id: CVE-2021-32950

LAST UPDATE DATE

2024-08-14T12:17:08.924000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-988, date: 2021-08-18T00:00:00
db: ZDI, id: ZDI-23-136, date: 2023-02-09T00:00:00
db: VULHUB, id: VHN-392936, date: 2022-04-15T00:00:00
db: VULMON, id: CVE-2021-32950, date: 2022-04-15T00:00:00
db: JVNDB, id: JVNDB-2021-001881, date: 2023-02-17T05:48:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-685, date: 2022-03-14T00:00:00
db: NVD, id: CVE-2021-32950, date: 2022-04-15T15:34:59.663

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-988, date: 2021-08-18T00:00:00
db: ZDI, id: ZDI-23-136, date: 2023-02-09T00:00:00
db: VULHUB, id: VHN-392936, date: 2021-06-17T00:00:00
db: VULMON, id: CVE-2021-32950, date: 2021-06-17T00:00:00
db: JVNDB, id: JVNDB-2021-001881, date: 2021-06-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-685, date: 2021-06-09T00:00:00
db: NVD, id: CVE-2021-32950, date: 2021-06-17T13:15:08.250