CVE-2020-28381

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:-:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack1:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack10:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack11:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack2:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack3:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack4:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack5:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack6:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack7:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack8:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack9:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*
cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*

History

21 Nov 2024, 05:22

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf - Vendor Advisory
References () https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04 - Third Party Advisory, US Government Resource
References () https://www.zerodayinitiative.com/advisories/ZDI-21-048/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-21-048/ - Third Party Advisory, VDB Entry
References () https://www.zerodayinitiative.com/advisories/ZDI-21-053/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-21-053/ - Third Party Advisory, VDB Entry
References () https://www.zerodayinitiative.com/advisories/ZDI-21-074/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-21-074/ - Third Party Advisory, VDB Entry

Information

Published : 2021-01-12 21:15

Updated : 2024-11-21 05:22


NVD link : CVE-2020-28381

Mitre link : CVE-2020-28381

CVE.ORG link : CVE-2020-28381


JSON object : View

Products Affected

siemens

  • solid_edge
CWE
CWE-787

Out-of-bounds Write