7.8

CVE-2021-27380

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SiemensSolid Edge Version < se2020
SiemensSolid Edge Versionse2020 Update-
SiemensSolid Edge Versionse2020 Updatemaintenance_pack1
SiemensSolid Edge Versionse2020 Updatemaintenance_pack10
SiemensSolid Edge Versionse2020 Updatemaintenance_pack11
SiemensSolid Edge Versionse2020 Updatemaintenance_pack12
SiemensSolid Edge Versionse2020 Updatemaintenance_pack2
SiemensSolid Edge Versionse2020 Updatemaintenance_pack3
SiemensSolid Edge Versionse2020 Updatemaintenance_pack4
SiemensSolid Edge Versionse2020 Updatemaintenance_pack5
SiemensSolid Edge Versionse2020 Updatemaintenance_pack6
SiemensSolid Edge Versionse2020 Updatemaintenance_pack7
SiemensSolid Edge Versionse2020 Updatemaintenance_pack8
SiemensSolid Edge Versionse2020 Updatemaintenance_pack9
SiemensSolid Edge Versionse2021 Update-
SiemensSolid Edge Versionse2021 Updatemaintenance_pack1
SiemensSolid Edge Versionse2021 Updatemaintenance_pack2
SiemensSolid Edge Versionse2021 Updatemaintenance_pack3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.55
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06
Third Party Advisory
US Government Resource