Lucene search
SiemensCVELIST:CVE-2021-34327HistoryJul 13, 2021 - 11:03 a.m.
CVE-2021-34327
2021-07-1311:03:43
CWE-122
siemens
www.cve.org
1
vulnerability
code execution
jt2go
solid edge
teamcenter visualization
plmxmladapterse70.dll
asm files
out of bounds write
heap-based buffer
EPSS
0.001
Percentile
35.5%
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)
CNA Affected
[
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V13.2"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions < SE2021MP5"
}
]
},
{
"product": "Teamcenter Visualization",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V13.2"
}
]
}
]Related
zdi
zdi
cve
cve
CVE-2021-34327
2021-07-13 11:15:13
nvd
nvd
CVE-2021-34327
2021-07-13 11:15:13
prion
prion
Heap overflow
2021-07-13 11:15:00
ics
ics
Siemens Solid Edge
2021-07-14 12:00:00
Siemens JT2Go and Teamcenter Visualization
2021-07-13 12:00:00
nessus
nessus
Siemens JT2Go < 13.2 Multiple Vulnerabilities (SSA-483182)
2021-07-15 00:00:00