Lucene search
Francis Provencher {PRL}ZDI-21-570HistoryMay 13, 2021 - 12:00 a.m.
Siemens Tecnomatix Plant Simulation SPP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2021-05-1300:00:00
Francis Provencher {PRL}
www.zerodayinitiative.com
37
siemens tecnomatix plant simulation
spp file
buffer overflow
remote code execution
validation of data
stack-based buffer
vulnerability
user interaction
current process
EPSS
0.003
Percentile
69.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SPP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
prion
prion
Stack overflow
2021-05-12 14:15:00
Stack overflow
2021-05-12 14:15:00
nvd
nvd
CVE-2021-27398
2021-05-12 14:15:11
CVE-2021-27396
2021-05-12 14:15:11
cve
cve
CVE-2021-27396
2021-05-12 14:15:11
CVE-2021-27398
2021-05-12 14:15:11
cvelist
cvelist
CVE-2021-27396
2021-05-12 13:18:23
CVE-2021-27398
2021-05-12 13:18:23
ics
ics
Siemens Tecnomatix Plant Simulation
2021-05-11 12:00:00