Lucene search
SiemensCVELIST:CVE-2021-25678HistoryApr 22, 2021 - 8:42 p.m.
CVE-2021-25678
2021-04-2220:42:21
CWE-787
siemens
www.cve.org
3
cve-2021-25678
solid edge
se2020
se2021
validation
par files
out of bounds write
code execution
zdi-can-12529
EPSS
0.001
Percentile
33.8%
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)
CNA Affected
[
{
"product": "Solid Edge SE2020",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < SE2020MP13"
}
]
},
{
"product": "Solid Edge SE2020",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < SE2020MP14"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions < SE2021MP4"
}
]
}
]Related
zdi
zdi
nvd
nvd
CVE-2021-25678
2021-04-22 21:15:10
prion
prion
Default credentials
2021-04-22 21:15:00
cve
cve
CVE-2021-25678
2021-04-22 21:15:10
ics
ics
Siemens Solid Edge File Parsing (Update A)
2021-06-08 12:00:00