Vulnerability-Lookup

CVE-2021-43391 (GCVE-0-2021-43391)

Vulnerability from cvelistv5 – Published: 2021-11-14 00:00 – Updated: 2024-08-04 03:55

Summary

An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CERTFR-2023-AVI-0121

Vulnerability from certfr_avis - Published: 2023-02-14 - Updated: 2023-02-14

De multiples vulnérabilités ont été corrigées dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	JT Utilities versions antérieures à V13.2.3.0
Siemens	N/A	Parasolid V35.0 versions antérieures à V35.0.170
Siemens	N/A	TIA Project-Server versions antérieures à V1.1
Siemens	N/A	COMOS V10.3.3.4 versions antérieures à V10.3.3.4.6
Siemens	N/A	SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions antérieures à V5.5.0
Siemens	N/A	Parasolid V34.1 versions antérieures à V34.1.242
Siemens	N/A	TIA Multiuser Server V16 toutes les versions
Siemens	N/A	COMOS V10.2 toutes les versions
Siemens	N/A	Simcenter Femap versions antérieures à V2023.1
Siemens	N/A	Applications utilisant Mendix versions 9 (V9.12) antérieures à V9.12.10
Siemens	N/A	Parasolid V35.1 versions antérieures à V35.1.150
Siemens	N/A	COMOS V10.3.3.3 versions antérieures à V10.3.3.3.9
Siemens	N/A	SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions antérieures à V5.5.0
Siemens	N/A	Brownfield Connectivity - Client versions antérieures à V2.15
Siemens	N/A	COMOS V10.4.2.0 versions antérieures à V10.4.2.0.25
Siemens	N/A	TIA Multiuser Server V14 toutes les versions
Siemens	N/A	COMOS V10.3.3.1 versions antérieures à V10.3.3.1.45
Siemens	N/A	Parasolid V34.0 versions antérieures à V34.0.254
Siemens	N/A	SiPass integrated AC5102 (ACC-G2) versions antérieures à V2.85.44
Siemens	N/A	Solid Edge SE2023 versions antérieures à V2023Update2
Siemens	N/A	SiPass integrated ACC-AP versions antérieures à V2.85.43
Siemens	N/A	SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions antérieures à V5.5.0
Siemens	N/A	COMOS V10.4.0.0 versions antérieures à V10.4.0.0.31
Siemens	N/A	Applications utilisant Mendix versions 7 antérieures à V7.23.34
Siemens	N/A	Applications utilisant Mendix versions 9 (V9.18) antérieures à V9.18.4
Siemens	N/A	SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions antérieures à V5.5.0
Siemens	N/A	SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions antérieures à V5.5.0
Siemens	N/A	SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions antérieures à V5.5.0
Siemens	N/A	SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions antérieures à V5.5.0
Siemens	N/A	TIA Multiuser Server V15 versions antérieures à V15.1 Update 8
Siemens	N/A	SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions antérieures à V5.5.0
Siemens	N/A	SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions antérieures à V5.5.0
Siemens	N/A	Applications utilisant Mendix versions 8 antérieures à V8.18.23
Siemens	N/A	Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions
Siemens	N/A	SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions antérieures à V5.5.0
Siemens	N/A	Brownfield Connectivity - Gateway versions antérieures à V1.11
Siemens	N/A	SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions antérieures à V5.5.0
Siemens	N/A	TIA Multiuser Server V17 toutes les versions
Siemens	N/A	Famille de produits RUGGEDCOM APE1808 toutes les versions
Siemens	N/A	SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions antérieures à V5.5.0
Siemens	N/A	Applications utilisant Mendix versions 9 (V9.6) antérieures à V9.6.15
Siemens	N/A	COMOS V10.4.1.0 versions antérieures à V10.4.1.0.32
Siemens	N/A	SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions antérieures à V5.5.0
Siemens	N/A	COMOS V10.3.3.2 versions antérieures à V10.3.3.2.33
Siemens	N/A	Tecnomatix Plant Simulation versions antérieures à V2201.0006
Siemens	N/A	JT Open versions antérieures à V11.2.3.0
Siemens	N/A	Applications utilisant Mendix versions 9 antérieures à V9.22.0

References

Title

Publication Time

Tags

Bulletin de sécurité [SCADA] Siemens SSA-847261 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-693110 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-953464 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-744259 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-617755 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-658793 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-450613 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-491245 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-686975 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-836777 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-565356 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-252808 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-640968 du 14 février 2023	None	vendor-advisory
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.2.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Project-Server versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.4 versions ant\u00e9rieures \u00e0 V10.3.3.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V34.1 versions ant\u00e9rieures \u00e0 V34.1.242",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V16 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.2 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2023.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 (V9.12) ant\u00e9rieures \u00e0 V9.12.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.3 versions ant\u00e9rieures \u00e0 V10.3.3.3.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Brownfield Connectivity - Client versions ant\u00e9rieures \u00e0 V2.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.4.2.0 versions ant\u00e9rieures \u00e0 V10.4.2.0.25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V14 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.1 versions ant\u00e9rieures \u00e0 V10.3.3.1.45",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V34.0 versions ant\u00e9rieures \u00e0 V34.0.254",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated AC5102 (ACC-G2) versions ant\u00e9rieures \u00e0 V2.85.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 V2023Update2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated ACC-AP versions ant\u00e9rieures \u00e0 V2.85.43",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.4.0.0 versions ant\u00e9rieures \u00e0 V10.4.0.0.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 7 ant\u00e9rieures \u00e0 V7.23.34",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 (V9.18) ant\u00e9rieures \u00e0 V9.18.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V15 versions ant\u00e9rieures \u00e0 V15.1 Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 8 ant\u00e9rieures \u00e0 V8.18.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Brownfield Connectivity - Gateway versions ant\u00e9rieures \u00e0 V1.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V17 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Famille de produits RUGGEDCOM APE1808 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 (V9.6) ant\u00e9rieures \u00e0 V9.6.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.4.1.0 versions ant\u00e9rieures \u00e0 V10.4.1.0.32",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.2 versions ant\u00e9rieures \u00e0 V10.3.3.2.33",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation versions ant\u00e9rieures \u00e0 V2201.0006",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V11.2.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 ant\u00e9rieures \u00e0 V9.22.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-24556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24556"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2023-24990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24990"
    },
    {
      "name": "CVE-2022-39157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39157"
    },
    {
      "name": "CVE-2022-46345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
    },
    {
      "name": "CVE-2023-22669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22669"
    },
    {
      "name": "CVE-2023-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24549"
    },
    {
      "name": "CVE-2023-24560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24560"
    },
    {
      "name": "CVE-2022-31808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31808"
    },
    {
      "name": "CVE-2022-46347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
    },
    {
      "name": "CVE-2022-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
    },
    {
      "name": "CVE-2022-46349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2023-24552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24552"
    },
    {
      "name": "CVE-2021-43391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43391"
    },
    {
      "name": "CVE-2023-24980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24980"
    },
    {
      "name": "CVE-2021-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
    },
    {
      "name": "CVE-2022-33984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33984"
    },
    {
      "name": "CVE-2023-24551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24551"
    },
    {
      "name": "CVE-2022-46346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
    },
    {
      "name": "CVE-2023-24992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24992"
    },
    {
      "name": "CVE-2022-21198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2022-33906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33906"
    },
    {
      "name": "CVE-2023-24562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24562"
    },
    {
      "name": "CVE-2023-24482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24482"
    },
    {
      "name": "CVE-2023-24994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24994"
    },
    {
      "name": "CVE-2021-41771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
    },
    {
      "name": "CVE-2022-43397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43397"
    },
    {
      "name": "CVE-2023-24561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24561"
    },
    {
      "name": "CVE-2023-24995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24995"
    },
    {
      "name": "CVE-2022-30774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30774"
    },
    {
      "name": "CVE-2023-24553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24553"
    },
    {
      "name": "CVE-2023-24984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24984"
    },
    {
      "name": "CVE-2021-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
    },
    {
      "name": "CVE-2023-24993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24993"
    },
    {
      "name": "CVE-2023-24558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24558"
    },
    {
      "name": "CVE-2022-46348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
    },
    {
      "name": "CVE-2023-22295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22295"
    },
    {
      "name": "CVE-2021-32948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
    },
    {
      "name": "CVE-2022-33982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33982"
    },
    {
      "name": "CVE-2023-22846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22846"
    },
    {
      "name": "CVE-2023-24983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24983"
    },
    {
      "name": "CVE-2022-47936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47936"
    },
    {
      "name": "CVE-2022-47977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47977"
    },
    {
      "name": "CVE-2023-24550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24550"
    },
    {
      "name": "CVE-2023-24565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24565"
    },
    {
      "name": "CVE-2023-25140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25140"
    },
    {
      "name": "CVE-2023-24988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24988"
    },
    {
      "name": "CVE-2022-35868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35868"
    },
    {
      "name": "CVE-2023-24554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24554"
    },
    {
      "name": "CVE-2022-33907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33907"
    },
    {
      "name": "CVE-2021-43336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
    },
    {
      "name": "CVE-2023-24581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24581"
    },
    {
      "name": "CVE-2023-22321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22321"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2023-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24557"
    },
    {
      "name": "CVE-2023-24566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24566"
    },
    {
      "name": "CVE-2023-24978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24978"
    },
    {
      "name": "CVE-2023-24555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24555"
    },
    {
      "name": "CVE-2023-24979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24979"
    },
    {
      "name": "CVE-2023-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22354"
    },
    {
      "name": "CVE-2021-41772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
    },
    {
      "name": "CVE-2023-24987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24987"
    },
    {
      "name": "CVE-2023-24986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24986"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2023-23579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23579"
    },
    {
      "name": "CVE-2023-24564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24564"
    },
    {
      "name": "CVE-2023-24982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24982"
    },
    {
      "name": "CVE-2023-24996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24996"
    },
    {
      "name": "CVE-2022-31243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31243"
    },
    {
      "name": "CVE-2023-24563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24563"
    },
    {
      "name": "CVE-2023-24985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24985"
    },
    {
      "name": "CVE-2023-24991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24991"
    },
    {
      "name": "CVE-2023-24981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24981"
    },
    {
      "name": "CVE-2021-44717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-33908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33908"
    },
    {
      "name": "CVE-2023-23835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23835"
    },
    {
      "name": "CVE-2023-24559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24559"
    },
    {
      "name": "CVE-2023-24989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24989"
    },
    {
      "name": "CVE-2023-22670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22670"
    }
  ],
  "initial_release_date": "2023-02-14T00:00:00",
  "last_revision_date": "2023-02-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf"
    }
  ],
  "reference": "CERTFR-2023-AVI-0121",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-847261 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-693110 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-953464 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-744259 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-617755 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-658793 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-450613 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-491245 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-686975 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-836777 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-565356 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-252808 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-640968 du 14 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

CNVD-2021-89165

Vulnerability from cnvd - Published: 2021-11-19

Title

Open Design Alliance Drawings SDK存在未明漏洞（CNVD-2021-89165）

Description

Open Design Alliance Drawings SDK是美国Open Design Alliance公司的一款应用于图纸设计的软件开发包。该开发包通过方便的，面向对象的API访问.dwg和.dgn中的数据，提供C++API、支持修复文件、.NET，JAVA，Python开发语言的支持等功能。 Open Design Alliance Drawings SDK 2022.11之前版本存在安全漏洞，该漏洞源于软件读取DXF文件时存在一个out - bounds Read漏洞。具体的问题存在于DXF文件的解析中。DXF文件中精心制作的数据(行类型中无效的破折号计数器)可以触发读取已分配缓冲区的结束。攻击者可以利用此漏洞在当前进程的上下文中执行代码。

Severity

中

Patch Name

Open Design Alliance Drawings SDK存在未明漏洞（CNVD-2021-89165）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.opendesign.com/security-advisories

Reference

https://www.opendesign.com/security-advisories

Impacted products

Name
Open Design Alliance Drawings SDK <2022.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-43391"
    }
  },
  "description": "Open Design Alliance Drawings SDK\u662f\u7f8e\u56fdOpen Design Alliance\u516c\u53f8\u7684\u4e00\u6b3e\u5e94\u7528\u4e8e\u56fe\u7eb8\u8bbe\u8ba1\u7684\u8f6f\u4ef6\u5f00\u53d1\u5305\u3002\u8be5\u5f00\u53d1\u5305\u901a\u8fc7\u65b9\u4fbf\u7684\uff0c\u9762\u5411\u5bf9\u8c61\u7684API\u8bbf\u95ee.dwg\u548c.dgn\u4e2d\u7684\u6570\u636e\uff0c\u63d0\u4f9bC++API\u3001\u652f\u6301\u4fee\u590d\u6587\u4ef6\u3001.NET\uff0cJAVA\uff0cPython\u5f00\u53d1\u8bed\u8a00\u7684\u652f\u6301\u7b49\u529f\u80fd\u3002\n\nOpen Design Alliance Drawings SDK 2022.11\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u8bfb\u53d6DXF\u6587\u4ef6\u65f6\u5b58\u5728\u4e00\u4e2aout - bounds Read\u6f0f\u6d1e\u3002\u5177\u4f53\u7684\u95ee\u9898\u5b58\u5728\u4e8eDXF\u6587\u4ef6\u7684\u89e3\u6790\u4e2d\u3002DXF\u6587\u4ef6\u4e2d\u7cbe\u5fc3\u5236\u4f5c\u7684\u6570\u636e(\u884c\u7c7b\u578b\u4e2d\u65e0\u6548\u7684\u7834\u6298\u53f7\u8ba1\u6570\u5668)\u53ef\u4ee5\u89e6\u53d1\u8bfb\u53d6\u5df2\u5206\u914d\u7f13\u51b2\u533a\u7684\u7ed3\u675f\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.opendesign.com/security-advisories",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-89165",
  "openTime": "2021-11-19",
  "patchDescription": "Open Design Alliance Drawings SDK\u662f\u7f8e\u56fdOpen Design Alliance\u516c\u53f8\u7684\u4e00\u6b3e\u5e94\u7528\u4e8e\u56fe\u7eb8\u8bbe\u8ba1\u7684\u8f6f\u4ef6\u5f00\u53d1\u5305\u3002\u8be5\u5f00\u53d1\u5305\u901a\u8fc7\u65b9\u4fbf\u7684\uff0c\u9762\u5411\u5bf9\u8c61\u7684API\u8bbf\u95ee.dwg\u548c.dgn\u4e2d\u7684\u6570\u636e\uff0c\u63d0\u4f9bC++API\u3001\u652f\u6301\u4fee\u590d\u6587\u4ef6\u3001.NET\uff0cJAVA\uff0cPython\u5f00\u53d1\u8bed\u8a00\u7684\u652f\u6301\u7b49\u529f\u80fd\u3002\r\n\r\nOpen Design Alliance Drawings SDK 2022.11\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6f\u4ef6\u8bfb\u53d6DXF\u6587\u4ef6\u65f6\u5b58\u5728\u4e00\u4e2aout - bounds Read\u6f0f\u6d1e\u3002\u5177\u4f53\u7684\u95ee\u9898\u5b58\u5728\u4e8eDXF\u6587\u4ef6\u7684\u89e3\u6790\u4e2d\u3002DXF\u6587\u4ef6\u4e2d\u7cbe\u5fc3\u5236\u4f5c\u7684\u6570\u636e(\u884c\u7c7b\u578b\u4e2d\u65e0\u6548\u7684\u7834\u6298\u53f7\u8ba1\u6570\u5668)\u53ef\u4ee5\u89e6\u53d1\u8bfb\u53d6\u5df2\u5206\u914d\u7f13\u51b2\u533a\u7684\u7ed3\u675f\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Open Design Alliance Drawings SDK\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-89165\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Open Design Alliance Drawings SDK \u003c2022.11"
  },
  "referenceLink": "https://www.opendesign.com/security-advisories",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-16",
  "title": "Open Design Alliance Drawings SDK\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-89165\uff09"
}

FKIE_CVE-2021-43391

Vulnerability from fkie_nvd - Published: 2021-11-14 21:15 - Updated: 2024-11-21 06:29

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
cve@mitre.org	https://www.opendesign.com/security-advisories	Vendor Advisory
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-21-1352/	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.zerodayinitiative.com/advisories/ZDI-21-1361/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf
af854a3a-2127-422b-91ae-364da2661108	https://www.opendesign.com/security-advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1352/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1361/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	opendesign	drawings_software_development_kit	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2517E46B-54DB-49E1-88DB-905365792054",
              "versionEndExcluding": "2022.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites cuando es le\u00eddo un archivo DXF usando Open Design Alliance Drawings SDK versiones anteriores a 2022.11. El problema espec\u00edfico es presentado en el an\u00e1lisis de los archivos DXF. Los datos dise\u00f1ados en un archivo DXF (un contador de guiones no v\u00e1lido en los tipos de l\u00edneas) pueden desencadenar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"
    }
  ],
  "id": "CVE-2021-43391",
  "lastModified": "2024-11-21T06:29:08.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-14T21:15:08.353",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.opendesign.com/security-advisories"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.opendesign.com/security-advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-43391

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-43391

Aliases

CVE-2021-43391

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-43391",
    "description": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
    "id": "GSD-2021-43391"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-43391"
      ],
      "details": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
      "id": "GSD-2021-43391",
      "modified": "2023-12-13T01:23:26.740823Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-43391",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.opendesign.com/security-advisories",
            "refsource": "MISC",
            "url": "https://www.opendesign.com/security-advisories"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43391"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.opendesign.com/security-advisories",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.opendesign.com/security-advisories"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-14T12:15Z",
      "publishedDate": "2021-11-14T21:15Z"
    }
  }
}

GHSA-HX65-7CC8-9862

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2023-02-14 12:30

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-43391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-hx65-7cc8-9862",
  "modified": "2023-02-14T12:30:25Z",
  "published": "2022-05-24T19:20:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43391"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.opendesign.com/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1352"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1361"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-43391 (GCVE-0-2021-43391)

CERTFR-2023-AVI-0121

Solution

CNVD-2021-89165

FKIE_CVE-2021-43391

GSD-2021-43391

GHSA-HX65-7CC8-9862

Tags

Sightings

Nomenclature