Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41538

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

Published

2021-09-28T12:15:08.250

Last Modified

2024-11-21T06:26:22.410

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-824
  • Type: Primary
    CWE-824
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application siemens solid_edge < se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Application siemens solid_edge se2021 Yes
Operating System siemens nx_1984_firmware < 1984 Yes
Hardware siemens nx_1984 - No
Operating System siemens nx_1988_firmware < 1984 Yes
Hardware siemens nx_1988 - No
Operating System siemens nx_1957_firmware < 1973.3700 Yes
Hardware siemens nx_1957 - No
Operating System siemens nx_1961_firmware < 1973.3700 Yes
Hardware siemens nx_1961 - No
Operating System siemens nx_1965_firmware < 1973.3700 Yes
Hardware siemens nx_1965 - No
Operating System siemens nx_1969_firmware < 1973.3700 Yes
Hardware siemens nx_1969 - No
References