CVE-2021-27382

2021-04-2220:42:21

CWE-121

siemens

www.cve.org

solid edge

se2020

se2021

buffer overflow

code execution

par files

EPSS

0.006

Percentile

79.0%

JSON

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)

CNA Affected

[
  {
    "product": "Solid Edge SE2020",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < SE2020MP13"
      }
    ]
  },
  {
    "product": "Solid Edge SE2020",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < SE2020MP14"
      }
    ]
  },
  {
    "product": "Solid Edge SE2021",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions < SE2021MP4"
      }
    ]
  }
]