ID

VAR-202109-1794


CVE

CVE-2021-41533


TITLE

Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-1117

DESCRIPTION

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565). This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.16

sources: NVD: CVE-2021-41533 // ZDI: ZDI-21-1117 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-41533

AFFECTED PRODUCTS

vendor:siemensmodel:solid edgescope:eqversion:se2021

Trust: 1.0

vendor:siemensmodel:solid edgescope:ltversion:se2021

Trust: 1.0

vendor:siemensmodel:nx 1984scope:ltversion:1984

Trust: 1.0

vendor:siemensmodel:nx 1988scope:ltversion:1984

Trust: 1.0

vendor:siemensmodel:solid edge viewerscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-1117 // NVD: CVE-2021-41533

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-41533
value: LOW

Trust: 1.0

ZDI: CVE-2021-41533
value: LOW

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1831
value: LOW

Trust: 0.6

VULMON: CVE-2021-41533
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-41533
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2021-41533
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ZDI: CVE-2021-41533
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-1117 // VULMON: CVE-2021-41533 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1831 // NVD: CVE-2021-41533

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2021-41533

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1831

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-41533

PATCH

title: - url:https://www.siemens.com/cert/advisories/https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

Trust: 0.7

title:Siemens Solid Edge Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164361

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=3b85ee03e935aff52e55e7402b3926a1

Trust: 0.1

sources: ZDI: ZDI-21-1117 // VULMON: CVE-2021-41533 // CNNVD: CNNVD-202109-1831

EXTERNAL IDS

db:NVDid:CVE-2021-41533

Trust: 2.4

db:ZDIid:ZDI-21-1117

Trust: 2.4

db:SIEMENSid:SSA-728618

Trust: 1.7

db:SIEMENSid:SSA-740908

Trust: 1.6

db:ZDI_CANid:ZDI-CAN-13565

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021111006

Trust: 0.6

db:CS-HELPid:SB2021092905

Trust: 0.6

db:AUSCERTid:ESB-2021.3454

Trust: 0.6

db:ICS CERTid:ICSA-21-287-06

Trust: 0.6

db:ICS CERTid:ICSA-21-315-12

Trust: 0.6

db:CNNVDid:CNNVD-202109-1831

Trust: 0.6

db:VULMONid:CVE-2021-41533

Trust: 0.1

sources: ZDI: ZDI-21-1117 // VULMON: CVE-2021-41533 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1831 // NVD: CVE-2021-41533

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-1117/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf

Trust: 1.6

url:https://www.siemens.com/cert/advisories/https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-287-06

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-41533

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3454

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092905

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-315-12

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111006

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-1117 // VULMON: CVE-2021-41533 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1831 // NVD: CVE-2021-41533

CREDITS

xina1i

Trust: 1.3

sources: ZDI: ZDI-21-1117 // CNNVD: CNNVD-202109-1831

SOURCES

db:ZDIid:ZDI-21-1117
db:VULMONid:CVE-2021-41533
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-1831
db:NVDid:CVE-2021-41533

LAST UPDATE DATE

2022-05-05T07:08:08.659000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-1117date:2021-09-30T00:00:00
db:VULMONid:CVE-2021-41533date:2021-10-01T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-1831date:2021-11-18T00:00:00
db:NVDid:CVE-2021-41533date:2021-11-28T23:29:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-1117date:2021-09-30T00:00:00
db:VULMONid:CVE-2021-41533date:2021-09-28T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-1831date:2021-09-28T00:00:00
db:NVDid:CVE-2021-41533date:2021-09-28T12:15:00