7.8

CVE-2020-28384

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

Data is provided by the National Vulnerability Database (NVD)
SiemensSolid Edge Version < se2020
SiemensSolid Edge Versionse2020 Update-
SiemensSolid Edge Versionse2020 Updatemaintenance_pack1
SiemensSolid Edge Versionse2020 Updatemaintenance_pack10
SiemensSolid Edge Versionse2020 Updatemaintenance_pack11
SiemensSolid Edge Versionse2020 Updatemaintenance_pack2
SiemensSolid Edge Versionse2020 Updatemaintenance_pack3
SiemensSolid Edge Versionse2020 Updatemaintenance_pack4
SiemensSolid Edge Versionse2020 Updatemaintenance_pack5
SiemensSolid Edge Versionse2020 Updatemaintenance_pack6
SiemensSolid Edge Versionse2020 Updatemaintenance_pack7
SiemensSolid Edge Versionse2020 Updatemaintenance_pack8
SiemensSolid Edge Versionse2020 Updatemaintenance_pack9
SiemensSolid Edge Versionse2021 Update-
SiemensSolid Edge Versionse2021 Updatemaintenance_pack1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.96% 0.744
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04
Third Party Advisory
US Government Resource