Details of VAR-202106-1814

ID

VAR-202106-1814

CVE

CVE-2021-27041

TITLE

Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-21-714 // ZDI: ZDI-21-713 // ZDI: ZDI-22-478

DESCRIPTION

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.* Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040* Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 4.68

sources: NVD: CVE-2021-27041 // JVNDB: JVNDB-2021-003350 // ZDI: ZDI-21-714 // ZDI: ZDI-21-713 // ZDI: ZDI-21-1237 // ZDI: ZDI-22-478 // CNNVD: CNNVD-202104-975

AFFECTED PRODUCTS

vendor:	autodesk	model:	autocad	scope:	-	version:	-	Trust: 2.1
vendor:	autodesk	model:	autocad map 3d	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	design review	scope:	eq	version:	2018	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	gte	version:	2019	Trust: 1.0
vendor:	mitsubishielectric	model:	mc works64	scope:	lte	version:	4.04e	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	lte	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad plant 3d	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad electrical	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	autocad mep	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	gte	version:	2019	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	lt	version:	2022.0.1	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	lt	version:	2020.1.4	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	lt	version:	2019.1.3	Trust: 1.0
vendor:	autodesk	model:	autocad architecture	scope:	gte	version:	2021	Trust: 1.0
vendor:	autodesk	model:	autocad lt	scope:	gte	version:	2021	Trust: 1.0
vendor:	iconics	model:	genesis64	scope:	lte	version:	10.97	Trust: 1.0
vendor:	autodesk	model:	autocad map 3d	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	advance steel	scope:	gte	version:	2020	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	lt	version:	2021.1.1	Trust: 1.0
vendor:	autodesk	model:	civil 3d	scope:	gte	version:	2022	Trust: 1.0
vendor:	autodesk	model:	autocad mechanical	scope:	gte	version:	2019	Trust: 1.0
vendor:	三菱電機	model:	genesis64	scope:	-	version:	-	Trust: 0.8
vendor:	三菱電機	model:	mc works64	scope:	-	version:	-	Trust: 0.8
vendor:	iconics	model:	genesis64	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-21-714 // ZDI: ZDI-21-713 // ZDI: ZDI-21-1237 // ZDI: ZDI-22-478 // JVNDB: JVNDB-2021-003350 // NVD: CVE-2021-27041

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2021-27041
value:	HIGH
Trust: 2.8
NVD:	CVE-2021-27041
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2021-003350
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1568
value:	HIGH
Trust: 0.6

NVD:	CVE-2021-27041
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0

ZDI:	CVE-2021-27041
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 2.8
NVD:	CVE-2021-27041
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-003350
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: ZDI: ZDI-21-714 // ZDI: ZDI-21-713 // ZDI: ZDI-21-1237 // ZDI: ZDI-22-478 // JVNDB: JVNDB-2021-003350 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1568 // NVD: CVE-2021-27041

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ Other ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003350 // NVD: CVE-2021-27041

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1568

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-27041

PATCH

title:	Autodesk has issued an update to correct this vulnerability.	url:	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004	Trust: 1.4
title:	GENESIS64 and MC Works64 of AutoCAD(DWG) Information leakage and malicious program execution vulnerability in file import function	url:	https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-017.pdf	Trust: 0.8
title:	ICONICS has issued an update to correct this vulnerability.	url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01	Trust: 0.7
title:	Autodesk has issued an update to correct this vulnerability.	url:	https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004	Trust: 0.7
title:	Autodesk AutoCAD Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155361	Trust: 0.6

sources: ZDI: ZDI-21-714 // ZDI: ZDI-21-713 // ZDI: ZDI-21-1237 // ZDI: ZDI-22-478 // JVNDB: JVNDB-2021-003350 // CNNVD: CNNVD-202106-1568

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27041	Trust: 5.2
db:	ICS CERT	id:	ICSA-21-294-01	Trust: 1.4
db:	ZDI	id:	ZDI-21-714	Trust: 1.3
db:	ZDI	id:	ZDI-21-1237	Trust: 1.3
db:	ZDI	id:	ZDI-22-478	Trust: 1.3
db:	JVN	id:	JVNVU94862669	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-003350	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12281	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-12181	Trust: 0.7
db:	ZDI	id:	ZDI-21-713	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-14064	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-15565	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021102205	Trust: 0.6
db:	CS-HELP	id:	SB2022042625	Trust: 0.6
db:	CS-HELP	id:	SB2022040706	Trust: 0.6
db:	CS-HELP	id:	SB2021062421	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3527	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1568	Trust: 0.6

REFERENCES

url:	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004	Trust: 2.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01	Trust: 2.1
url:	https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007	Trust: 1.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-1237/	Trust: 1.2
url:	http://jvn.jp/cert/jvnvu94862669/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27041	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27040	Trust: 0.8
url:	https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062421	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022040706	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3527	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-22-478/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-714/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042625	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021102205	Trust: 0.6
url:	https://vigilance.fr/vulnerability/iconics-genesis64-three-vulnerabilities-36698	Trust: 0.6

CREDITS

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative

Trust: 2.1

sources: ZDI: ZDI-21-714 // ZDI: ZDI-21-713 // ZDI: ZDI-21-1237

SOURCES

db:	ZDI	id:	ZDI-21-714
db:	ZDI	id:	ZDI-21-713
db:	ZDI	id:	ZDI-21-1237
db:	ZDI	id:	ZDI-22-478
db:	JVNDB	id:	JVNDB-2021-003350
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1568
db:	NVD	id:	CVE-2021-27041

LAST UPDATE DATE

2022-05-14T20:19:01.789000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-714	date:	2021-06-22T00:00:00
db:	ZDI	id:	ZDI-21-713	date:	2021-06-22T00:00:00
db:	ZDI	id:	ZDI-21-1237	date:	2021-10-28T00:00:00
db:	ZDI	id:	ZDI-22-478	date:	2022-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-003350	date:	2021-11-26T02:40:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1568	date:	2022-04-27T00:00:00
db:	NVD	id:	CVE-2021-27041	date:	2022-05-13T17:37:00

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-714	date:	2021-06-22T00:00:00
db:	ZDI	id:	ZDI-21-713	date:	2021-06-22T00:00:00
db:	ZDI	id:	ZDI-21-1237	date:	2021-10-28T00:00:00
db:	ZDI	id:	ZDI-22-478	date:	2022-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-003350	date:	2021-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1568	date:	2021-06-22T00:00:00
db:	NVD	id:	CVE-2021-27041	date:	2021-06-25T13:15:00