Vulnerability-Lookup

CVE-2021-27382 (GCVE-0-2021-27382)

Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:48

Summary

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)

Severity ?

No CVSS data available.

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

siemens

References

URL

GHSA-G8V3-CMWH-49M4

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48

Details

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)",
  "id": "GHSA-g8v3-cmwh-49m4",
  "modified": "2022-05-24T17:48:17Z",
  "published": "2022-05-24T17:48:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27382"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-28693

Vulnerability from cnvd - Published: 2021-04-15

Title

Siemens Solid Edge PAR文件堆栈缓冲区溢出漏洞

Description

Siemens Solid Edge是一款三维CAD软件。该软件可用于零件设计、装配设计、钣金设计、焊接设计等行业。 Siemens Solid Edge PAR文件堆存在栈缓冲区溢出漏洞。该漏洞是由于受影响的应用程序在解析PAR文件时缺乏对用户提供的数据的正确验证。攻击者可利用漏洞在当前进程的上下文中执行代码。

Severity

高

Patch Name

Siemens Solid Edge PAR文件堆栈缓冲区溢出漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf

Impacted products

Name
Siemens Solid Edge SE2020 SE2020MP13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-27382"
    }
  },
  "description": "Siemens Solid Edge\u662f\u4e00\u6b3e\u4e09\u7ef4CAD\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7528\u4e8e\u96f6\u4ef6\u8bbe\u8ba1\u3001\u88c5\u914d\u8bbe\u8ba1\u3001\u94a3\u91d1\u8bbe\u8ba1\u3001\u710a\u63a5\u8bbe\u8ba1\u7b49\u884c\u4e1a\u3002\n\nSiemens Solid Edge PAR\u6587\u4ef6\u5806\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5728\u89e3\u6790PAR\u6587\u4ef6\u65f6\u7f3a\u4e4f\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28693",
  "openTime": "2021-04-15",
  "patchDescription": "Siemens Solid Edge\u662f\u4e00\u6b3e\u4e09\u7ef4CAD\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7528\u4e8e\u96f6\u4ef6\u8bbe\u8ba1\u3001\u88c5\u914d\u8bbe\u8ba1\u3001\u94a3\u91d1\u8bbe\u8ba1\u3001\u710a\u63a5\u8bbe\u8ba1\u7b49\u884c\u4e1a\u3002\r\n\r\nSiemens Solid Edge PAR\u6587\u4ef6\u5806\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u5728\u89e3\u6790PAR\u6587\u4ef6\u65f6\u7f3a\u4e4f\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens Solid Edge PAR\u6587\u4ef6\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens Solid Edge SE2020 SE2020MP13"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-13",
  "title": "Siemens Solid Edge PAR\u6587\u4ef6\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CERTFR-2021-AVI-255

Vulnerability from certfr_avis - Published: 2021-04-14 - Updated: 2021-04-14

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	LOGO! Soft Comfort toutes versions
Siemens	N/A	Siveillance Video Open Network Bridge:2019 R2
Siemens	N/A	Solid Edge SE2021 versions antérieures à SE2021MP4
Siemens	N/A	SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.2.9
Siemens	N/A	Siveillance Video Open Network Bridge:2019 R3
Siemens	N/A	Nucleus NET versions antérieures à 5.2
Siemens	N/A	TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions antérieures à V2.6.0
Siemens	N/A	SiNVR/SiVMS Video Server toutes versions
Siemens	N/A	Nucleus RTOS versions contenant le module DNS affecté
Siemens	N/A	SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.0.44
Siemens	N/A	Solid Edge SE2020 toutes versions
Siemens	N/A	SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions antérieures à V3.1.1
Siemens	N/A	SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions
Siemens	N/A	Opcenter Quality versions antérieures à 12.2
Siemens	N/A	Siveillance Video Open Network Bridge:2019 R1
Siemens	N/A	SIMATIC NET CP 443-5 Extended toutes versions
Siemens	N/A	VSTAR versions contenant le module DNS affecté
Siemens	N/A	Control Center Server (CCS) toutes versions
Siemens	N/A	TIM 4R-IE (incl. SIPLUS NET variants) toutes versions
Siemens	N/A	Siveillance Video Open Network Bridge:2020 R1
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à 3.0
Siemens	N/A	Siveillance Video Open Network Bridge:2020 R2
Siemens	N/A	SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.1.1
Siemens	N/A	SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.2.9
Siemens	N/A	SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions
Siemens	N/A	Siveillance Video Open Network Bridge:2018 R2
Siemens	N/A	Nucleus ReadyStart toutes versions
Siemens	N/A	Nucleus 4 versions antérieures à 4.1.0
Siemens	N/A	Siveillance Video Open Network Bridge:2018 R3
Siemens	N/A	QMS Automotive versions antérieures à 12.30
Siemens	N/A	Tecnomatix RobotExpert versions antérieures à 16.1
Siemens	N/A	TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions antérieures à V3.1.0
Siemens	N/A	Siveillance Video Open Network Bridge:2020 R3
Siemens	N/A	Nucleus Source Code versions contenant le module DNS affecté
Siemens	N/A	TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions
Siemens	N/A	SIMOTICS CONNECT 400 toutes verions

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-788287 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-248289 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-853866 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-185699 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-983300 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-844761 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-163226 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-763427 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-497656 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-761617 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-669158 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-574442 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-705111 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-292794 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-761844 du 13 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "LOGO! Soft Comfort toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2019 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2019 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus NET versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 V2.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiNVR/SiVMS Video Server toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus RTOS versions contenant le module DNS affect\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.0.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2020 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions ant\u00e9rieures \u00e0 V3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Quality versions ant\u00e9rieures \u00e0 12.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2019 R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-5 Extended toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "VSTAR versions contenant le module DNS affect\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Control Center Server (CCS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE (incl. SIPLUS NET variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2020 R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2020 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2018 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus ReadyStart toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus 4 versions ant\u00e9rieures \u00e0 4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2018 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "QMS Automotive versions ant\u00e9rieures \u00e0 12.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix RobotExpert versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2020 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus Source Code versions contenant le module DNS affect\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTICS CONNECT 400 toutes verions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
    },
    {
      "name": "CVE-2015-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7855"
    },
    {
      "name": "CVE-2019-18339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18339"
    },
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2016-4953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
    },
    {
      "name": "CVE-2021-27389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27389"
    },
    {
      "name": "CVE-2021-27382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27382"
    },
    {
      "name": "CVE-2020-27736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
    },
    {
      "name": "CVE-2021-27380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27380"
    },
    {
      "name": "CVE-2015-5219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5219"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2015-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
    },
    {
      "name": "CVE-2015-7705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
    },
    {
      "name": "CVE-2021-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27392"
    },
    {
      "name": "CVE-2019-19956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
    },
    {
      "name": "CVE-2021-25663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
    },
    {
      "name": "CVE-2020-15795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-4954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
    },
    {
      "name": "CVE-2021-25664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
    },
    {
      "name": "CVE-2020-25243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25243"
    },
    {
      "name": "CVE-2015-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
    },
    {
      "name": "CVE-2015-8214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
    },
    {
      "name": "CVE-2019-19299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
    },
    {
      "name": "CVE-2020-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28385"
    },
    {
      "name": "CVE-2021-25678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25678"
    },
    {
      "name": "CVE-2020-7595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
    },
    {
      "name": "CVE-2021-27393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
    },
    {
      "name": "CVE-2020-25244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25244"
    },
    {
      "name": "CVE-2019-18340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18340"
    },
    {
      "name": "CVE-2021-25670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25670"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-7871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7871"
    },
    {
      "name": "CVE-2020-27738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
    },
    {
      "name": "CVE-2019-19298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
    },
    {
      "name": "CVE-2020-26997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26997"
    },
    {
      "name": "CVE-2019-19291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
    },
    {
      "name": "CVE-2020-27737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
    },
    {
      "name": "CVE-2019-19297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    },
    {
      "name": "CVE-2021-25677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
    },
    {
      "name": "CVE-2019-19296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
    }
  ],
  "initial_release_date": "2021-04-14T00:00:00",
  "last_revision_date": "2021-04-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-255",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-788287 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-853866 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-983300 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-163226 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-497656 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761617 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669158 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-574442 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-292794 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761844 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    }
  ]
}

GSD-2021-27382

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-27382

Aliases

CVE-2021-27382

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27382",
    "description": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)",
    "id": "GSD-2021-27382"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27382"
      ],
      "details": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)",
      "id": "GSD-2021-27382",
      "modified": "2023-12-13T01:23:35.878096Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2021-27382",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Solid Edge SE2020",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c SE2020MP13"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Solid Edge SE2020",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c SE2020MP14"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Solid Edge SE2021",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All Versions \u003c SE2021MP4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-121: Stack-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
          },
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
            "refsource": "CONFIRM",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2020:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "se2020mp13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge_se2021:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "se2021mp14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-27382"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-121"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-12-15T14:05Z",
      "publishedDate": "2021-04-22T21:15Z"
    }
  }
}

FKIE_CVE-2021-27382

Vulnerability from fkie_nvd - Published: 2021-04-22 21:15 - Updated: 2024-11-21 05:57

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf	Vendor Advisory
productcert@siemens.com	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06	Third Party Advisory, US Government Resource
productcert@siemens.com	https://www.zerodayinitiative.com/advisories/ZDI-21-612/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-612/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	siemens	solid_edge_se2020	*
	siemens	solid_edge_se2021	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_se2020:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF72CFDF-0F35-434F-9BBC-181B6CD98086",
              "versionEndIncluding": "se2020mp13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_se2021:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EE7B47-BED5-4D33-8D1F-913267DDBA12",
              "versionEndExcluding": "se2021mp14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2020 (All versions \u003c SE2020MP14), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)"
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP13), Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP14), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP4). Las aplicaciones afectadas carecen de la validaci\u00f3n adecuada de los datos suministrados por el usuario al analizar los archivos PAR. Esto podr\u00eda dar lugar a un desbordamiento del b\u00fafer basado en la pila. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. (ZDI-CAN-13040)"
    }
  ],
  "id": "CVE-2021-27382",
  "lastModified": "2024-11-21T05:57:52.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T21:15:10.303",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-612/"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-27382 (GCVE-0-2021-27382)

GHSA-G8V3-CMWH-49M4

CNVD-2021-28693

CERTFR-2021-AVI-255

Solution

GSD-2021-27382

FKIE_CVE-2021-27382

Tags

Sightings

Nomenclature