Sign-up

ID

VAR-202111-0809


CVE

CVE-2021-43336


TITLE

Open Design Alliance (ODA) Drawing SDK DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-23-127 // ZDI: ZDI-23-126

DESCRIPTION

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object

Trust: 6.12

sources: NVD: CVE-2021-43336 // JVNDB: JVNDB-2021-007492 // ZDI: ZDI-22-334 // ZDI: ZDI-23-127 // ZDI: ZDI-23-126 // ZDI: ZDI-23-125 // ZDI: ZDI-23-210 // ZDI: ZDI-23-209 // ZDI: ZDI-23-212 // VULMON: CVE-2021-43336

AFFECTED PRODUCTS

vendor:open design alliance odamodel:drawing sdkscope: - version: -

Trust: 2.8

vendor:siemensmodel:solid edge viewerscope: - version: -

Trust: 1.4

vendor:opendesignmodel:drawings software development kitscope:ltversion:2022.11

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:13.3.0.1

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:eqversion:13.1.0

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:13.2.0

Trust: 1.0

vendor:siemensmodel:jt2goscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:ltversion:12.4.0.13

Trust: 1.0

vendor:siemensmodel:solid edgescope:eqversion:se2022

Trust: 1.0

vendor:siemensmodel:teamcenter visualizationscope:gteversion:12.4.0

Trust: 1.0

vendor:open design alliancemodel:drawings sdkscope:eqversion:2022.11

Trust: 0.8

vendor:open design alliancemodel:drawings sdkscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:jt2goscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-334 // ZDI: ZDI-23-127 // ZDI: ZDI-23-126 // ZDI: ZDI-23-125 // ZDI: ZDI-23-210 // ZDI: ZDI-23-209 // ZDI: ZDI-23-212 // JVNDB: JVNDB-2021-007492 // NVD: CVE-2021-43336

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-43336
value: HIGH

Trust: 4.9

NVD: CVE-2021-43336
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202111-1217
value: HIGH

Trust: 0.6

VULMON: CVE-2021-43336
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2021-43336
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

ZDI: CVE-2021-43336
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 4.9

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-43336
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-22-334 // ZDI: ZDI-23-127 // ZDI: ZDI-23-126 // ZDI: ZDI-23-125 // ZDI: ZDI-23-210 // ZDI: ZDI-23-209 // ZDI: ZDI-23-212 // VULMON: CVE-2021-43336 // JVNDB: JVNDB-2021-007492 // NVD: CVE-2021-43336 // CNNVD: CNNVD-202111-1217

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007492 // NVD: CVE-2021-43336

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-1217

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202111-1217

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-43336

PATCH
title:Vulnerabilities in the ODA Drawings Software Development Kiturl:https://www.opendesign.com/security-advisories
Trust: 3.6
title:Siemens has issued an update to correct this vulnerability.url:https://cert-portal.siemens.com/productcert/html/ssa-491245.html
Trust: 1.4
title:Siemens has issued an update to correct this vulnerability.url:https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf
Trust: 0.7
title:Open Design Alliance Drawings SDK Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=170359
Trust: 0.6
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=fefc850707fc7ccce29d30c42162ee31
Trust: 0.1
title: - url:https://github.com/live-hack-cve/cve-2021-43336 
Trust: 0.1
sources:
            
            
            ZDI: ZDI-22-334 // 
            
            
            
            ZDI: ZDI-23-127 // 
            
            
            
            ZDI: ZDI-23-126 // 
            
            
            
            ZDI: ZDI-23-125 // 
            
            
            
            ZDI: ZDI-23-210 // 
            
            
            
            ZDI: ZDI-23-209 // 
            
            
            
            ZDI: ZDI-23-212 // 
            
            
            
            VULMON: CVE-2021-43336 // 
            
            
            
            JVNDB: JVNDB-2021-007492 // 
            
            
            
            CNNVD: CNNVD-202111-1217

EXTERNAL IDS
db:NVDid:CVE-2021-43336
Trust: 8.2
db:ZDIid:ZDI-22-334
Trust: 2.4
db:SIEMENSid:SSA-301589
Trust: 1.7
db:SIEMENSid:SSA-491245
Trust: 1.7
db:ICS CERTid:ICSA-22-041-07
Trust: 1.5
db:ICS CERTid:ICSA-23-047-01
Trust: 0.8
db:JVNid:JVNVU97514209
Trust: 0.8
db:JVNid:JVNVU98748974
Trust: 0.8
db:JVNDBid:JVNDB-2021-007492
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-15107
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-19144
Trust: 0.7
db:ZDIid:ZDI-23-127
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-19143
Trust: 0.7
db:ZDIid:ZDI-23-126
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-19142
Trust: 0.7
db:ZDIid:ZDI-23-125
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-19080
Trust: 0.7
db:ZDIid:ZDI-23-210
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-19075
Trust: 0.7
db:ZDIid:ZDI-23-209
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-19165
Trust: 0.7
db:ZDIid:ZDI-23-212
Trust: 0.7
db:AUSCERTid:ESB-2023.0960
Trust: 0.6
db:CS-HELPid:SB2022021108
Trust: 0.6
db:CNNVDid:CNNVD-202111-1217
Trust: 0.6
db:VULMONid:CVE-2021-43336
Trust: 0.1
sources:
            
            
            ZDI: ZDI-22-334 // 
            
            
            
            ZDI: ZDI-23-127 // 
            
            
            
            ZDI: ZDI-23-126 // 
            
            
            
            ZDI: ZDI-23-125 // 
            
            
            
            ZDI: ZDI-23-210 // 
            
            
            
            ZDI: ZDI-23-209 // 
            
            
            
            ZDI: ZDI-23-212 // 
            
            
            
            VULMON: CVE-2021-43336 // 
            
            
            
            JVNDB: JVNDB-2021-007492 // 
            
            
            
            NVD: CVE-2021-43336 // 
            
            
            
            CNNVD: CNNVD-202111-1217

REFERENCES
url:https://www.opendesign.com/security-advisories
Trust: 4.5
url:https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf
Trust: 2.4
url:https://www.zerodayinitiative.com/advisories/zdi-22-334/
Trust: 2.4
url:https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
Trust: 1.7
url:https://cert-portal.siemens.com/productcert/html/ssa-491245.html
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2021-43336
Trust: 1.4
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-041-07
Trust: 0.9
url:https://jvn.jp/vu/jvnvu98748974/
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97514209/index.html
Trust: 0.8
url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-047-01
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2022021108
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.0960
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-0
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2021-43336
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            ZDI: ZDI-22-334 // 
            
            
            
            ZDI: ZDI-23-127 // 
            
            
            
            ZDI: ZDI-23-126 // 
            
            
            
            ZDI: ZDI-23-125 // 
            
            
            
            ZDI: ZDI-23-210 // 
            
            
            
            ZDI: ZDI-23-209 // 
            
            
            
            ZDI: ZDI-23-212 // 
            
            
            
            VULMON: CVE-2021-43336 // 
            
            
            
            JVNDB: JVNDB-2021-007492 // 
            
            
            
            NVD: CVE-2021-43336 // 
            
            
            
            CNNVD: CNNVD-202111-1217

CREDITS
Mat Powell & Jimmy Calderon (@vectors2final) of Trend Micro Zero Day Initiative
Trust: 2.8
sources:
            
            
            ZDI: ZDI-23-127 // 
            
            
            
            ZDI: ZDI-23-126 // 
            
            
            
            ZDI: ZDI-23-125 // 
            
            
            
            ZDI: ZDI-23-212

SOURCES
db:ZDIid:ZDI-22-334
db:ZDIid:ZDI-23-127
db:ZDIid:ZDI-23-126
db:ZDIid:ZDI-23-125
db:ZDIid:ZDI-23-210
db:ZDIid:ZDI-23-209
db:ZDIid:ZDI-23-212
db:VULMONid:CVE-2021-43336
db:JVNDBid:JVNDB-2021-007492
db:NVDid:CVE-2021-43336
db:CNNVDid:CNNVD-202111-1217

LAST UPDATE DATE
2023-12-18T10:50:00.081000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-22-334date:2022-02-15T00:00:00
db:ZDIid:ZDI-23-127date:2023-02-09T00:00:00
db:ZDIid:ZDI-23-126date:2023-02-09T00:00:00
db:ZDIid:ZDI-23-125date:2023-02-09T00:00:00
db:ZDIid:ZDI-23-210date:2023-03-01T00:00:00
db:ZDIid:ZDI-23-209date:2023-03-01T00:00:00
db:ZDIid:ZDI-23-212date:2023-03-06T00:00:00
db:VULMONid:CVE-2021-43336date:2023-02-24T00:00:00
db:JVNDBid:JVNDB-2021-007492date:2023-02-17T02:09:00
db:NVDid:CVE-2021-43336date:2023-02-24T15:53:38.813
db:CNNVDid:CNNVD-202111-1217date:2023-02-17T00:00:00

SOURCES RELEASE DATE
db:ZDIid:ZDI-22-334date:2022-02-15T00:00:00
db:ZDIid:ZDI-23-127date:2023-02-09T00:00:00
db:ZDIid:ZDI-23-126date:2023-02-09T00:00:00
db:ZDIid:ZDI-23-125date:2023-02-09T00:00:00
db:ZDIid:ZDI-23-210date:2023-03-01T00:00:00
db:ZDIid:ZDI-23-209date:2023-03-01T00:00:00
db:ZDIid:ZDI-23-212date:2023-02-09T00:00:00
db:VULMONid:CVE-2021-43336date:2021-11-14T00:00:00
db:JVNDBid:JVNDB-2021-007492date:2022-02-15T00:00:00
db:NVDid:CVE-2021-43336date:2021-11-14T21:15:08.263
db:CNNVDid:CNNVD-202111-1217date:2021-11-14T00:00:00