CVE-2021-41538 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2021-41538?

CVE-2021-41538 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-41538?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Solid Edge, Siemens Nx 1984 Firmware, Siemens Nx 1984, Siemens Nx 1988 Firmware, Siemens Nx 1988.

Vulnerability Description

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Solid Edge	< se2021
Siemens	Nx 1984 Firmware	< 1984
Siemens	Nx 1984	-
Siemens	Nx 1988 Firmware	< 1984
Siemens	Nx 1988	-
Siemens	Nx 1957 Firmware	< 1973.3700
Siemens	Nx 1957	-
Siemens	Nx 1961 Firmware	< 1973.3700
Siemens	Nx 1961	-
Siemens	Nx 1965 Firmware	< 1973.3700
Siemens	Nx 1965	-
Siemens	Nx 1969 Firmware	< 1973.3700
Siemens	Nx 1969	-

Related Weaknesses (CWE)

CWE-824

References

https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdfPatchVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdfPatchVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1122/Third Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdfPatchVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdfPatchVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1122/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2021-41538?

CVE-2021-41538 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vuln...

How severe is CVE-2021-41538?

CVE-2021-41538 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-41538?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Solid Edge, Siemens Nx 1984 Firmware, Siemens Nx 1984, Siemens Nx 1988 Firmware, Siemens Nx 1988.