Vulnerability-Lookup

CVE-2020-28381 (GCVE-0-2020-28381)

Vulnerability from cvelistv5 – Published: 2021-01-12 20:18 – Updated: 2024-08-04 16:33

Summary

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.

Severity ?

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write

Assigner

siemens

References

URL

GHSA-97X2-PHF9-HW3V

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38

Details

A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-28381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-12T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Solid Edge (All Versions \u003c SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-97x2-phf9-hw3v",
  "modified": "2022-05-24T17:38:35Z",
  "published": "2022-05-24T17:38:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28381"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-074"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-02634

Vulnerability from cnvd - Published: 2021-01-13

Title

Solid Edge存在未明漏洞

Description

Solid Edge是一个解决各种产品开发过程的软件工具组合。 Solid Edge存在未明漏洞，攻击者可以利用这个漏洞在当前进程的上下文中执行代码。

Severity

高

Patch Name

Solid Edge存在未明漏洞的补丁

Patch Description

Solid Edge是一个解决各种产品开发过程的软件工具组合。 Solid Edge存在未明漏洞，攻击者可以利用这个漏洞在当前进程的上下文中执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布相关漏洞补丁链接，请及时更新： https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf

Impacted products

Name
SIEMENS Solid Edge <SE2021MP2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-28381"
    }
  },
  "description": "Solid Edge\u662f\u4e00\u4e2a\u89e3\u51b3\u5404\u79cd\u4ea7\u54c1\u5f00\u53d1\u8fc7\u7a0b\u7684\u8f6f\u4ef6\u5de5\u5177\u7ec4\u5408\u3002\n\nSolid Edge\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-02634",
  "openTime": "2021-01-13",
  "patchDescription": "Solid Edge\u662f\u4e00\u4e2a\u89e3\u51b3\u5404\u79cd\u4ea7\u54c1\u5f00\u53d1\u8fc7\u7a0b\u7684\u8f6f\u4ef6\u5de5\u5177\u7ec4\u5408\u3002\r\n\r\nSolid Edge\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Solid Edge\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS Solid Edge \u003cSE2021MP2"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2021-01-13",
  "title": "Solid Edge\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

FKIE_CVE-2020-28381

Vulnerability from fkie_nvd - Published: 2021-01-12 21:15 - Updated: 2024-11-21 05:22

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf	Vendor Advisory
productcert@siemens.com	https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04	Third Party Advisory, US Government Resource
productcert@siemens.com	https://www.zerodayinitiative.com/advisories/ZDI-21-048/	Third Party Advisory, VDB Entry
productcert@siemens.com	https://www.zerodayinitiative.com/advisories/ZDI-21-053/	Third Party Advisory, VDB Entry
productcert@siemens.com	https://www.zerodayinitiative.com/advisories/ZDI-21-074/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-048/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-053/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-074/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
siemens	solid_edge	*
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2020
siemens	solid_edge	se2021
siemens	solid_edge	se2021

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF39DFE-A31B-4324-BB62-0B446ACA04B7",
              "versionEndExcluding": "se2020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:-:*:*:*:*:*:*",
              "matchCriteriaId": "07440B76-B975-4946-8A97-38C564D240E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack1:*:*:*:*:*:*",
              "matchCriteriaId": "5F0A748E-BB6F-4604-8024-F50DC0C20EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack10:*:*:*:*:*:*",
              "matchCriteriaId": "F4F37267-6B37-46A4-B9F9-4264BEC922D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack11:*:*:*:*:*:*",
              "matchCriteriaId": "CB1DC54B-E715-4425-B6B6-900F2CFBCE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack2:*:*:*:*:*:*",
              "matchCriteriaId": "2F495722-39BD-4BA1-A643-C7D0BA81CC21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack3:*:*:*:*:*:*",
              "matchCriteriaId": "7B776512-BF3D-4F70-BD58-AFF8E1B03EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack4:*:*:*:*:*:*",
              "matchCriteriaId": "99E05299-50FD-4292-9978-8E05C1483FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack5:*:*:*:*:*:*",
              "matchCriteriaId": "2447D05B-2634-4895-B7B0-6F7DBB9D2EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack6:*:*:*:*:*:*",
              "matchCriteriaId": "CBBD39F3-790F-4017-A57E-6EFC314F0557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack7:*:*:*:*:*:*",
              "matchCriteriaId": "B4387BFA-8A98-433E-9EF7-B29226C195A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack8:*:*:*:*:*:*",
              "matchCriteriaId": "9E380F66-C11C-472B-9B71-7CB4AF4FABDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack9:*:*:*:*:*:*",
              "matchCriteriaId": "0CF4ACE1-B069-4007-8142-7F90015BBE9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*",
              "matchCriteriaId": "39D237BD-EE55-4B40-ABC3-194C4BF7C6CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*",
              "matchCriteriaId": "49F5649A-349C-42C6-AFFF-CEE1ABC14E67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP12), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP2). Las aplicaciones afectadas carecen de una comprobaci\u00f3n apropiada de los datos proporcionados por el usuario al analizar archivos PAR. Esto podr\u00eda resultar en una escritura fuera de los l\u00edmites en la memoria no inicializada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"
    }
  ],
  "id": "CVE-2020-28381",
  "lastModified": "2024-11-21T05:22:41.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-12T21:15:17.683",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-018

Vulnerability from certfr_avis - Published: 2021-01-12 - Updated: 2021-01-12

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Les commutateurs de la famille SCALANCE X-200IRT (inclus les variants SIPLUSNET)
Siemens	N/A	Les commutateurs de la famille SCALANCE X-300 (inclus les variants X408 et SIPLUS NET) versions antérieures à V4.1.0
Siemens	N/A	Solid Edge versions antérieures à SE2021MP2
Siemens	N/A	T2Go versions antérieures à V13.1.0
Siemens	N/A	Teamcenter Visualization versions antérieures à V13.1.0 (cette version reste vulnérable aux vulnérabilités CVE-2020-26989, CVE-2020-26990 et CVE-2020-26991)
Siemens	N/A	Les commutateurs de la famille SCALANCE X-200 (inclus les variants SIPLUSNET)

References

Title

Publication Time

GSD-2020-28381

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-28381

Aliases

CVE-2020-28381

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-28381",
    "description": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.",
    "id": "GSD-2020-28381"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-28381"
      ],
      "details": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.",
      "id": "GSD-2020-28381",
      "modified": "2023-12-13T01:22:01.481868Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2020-28381",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Solid Edge SE2020",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All Versions \u003c SE2020MP12"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Solid Edge SE2021",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All Versions \u003c SE2021MP2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-787: Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/"
          },
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "se2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-28381"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP12), Solid Edge SE2021 (All Versions \u003c SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-053/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-074/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-12-10T21:47Z",
      "publishedDate": "2021-01-12T21:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-28381 (GCVE-0-2020-28381)

GHSA-97X2-PHF9-HW3V

CNVD-2021-02634

FKIE_CVE-2020-28381

CERTFR-2021-AVI-018

Solution

GSD-2020-28381

Tags

Sightings

Nomenclature