| Publication Date: |
2021-09-28 |
| Last Update: |
2021-09-28 |
| Current Version: |
V1.0 |
| CVSS v3.1 Base Score: |
7.8 |
| Affected Product and Versions |
Remediation |
|
Solid Edge SE2021:
All versions < SE2021MP8
|
Update to SE2021MP8 or later version
https://support.sw.siemens.com/ (login required)
|
- Avoid opening files from unknown sources in Solid Edge
| CVSS v3.1 Base Score |
7.8 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-416: Use After Free |
| CVSS v3.1 Base Score |
7.1 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
| CWE: |
CWE-125: Out-of-bounds Read |
| CVSS v3.1 Base Score |
3.3 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C |
| CWE: |
CWE-125: Out-of-bounds Read |
| CVSS v3.1 Base Score |
3.3 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C |
| CWE: |
CWE-125: Out-of-bounds Read |
| CVSS v3.1 Base Score |
7.8 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C |
| CWE: |
CWE-416: Use After Free |
| CVSS v3.1 Base Score |
7.8 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C |
| CWE: |
CWE-416: Use After Free |
| CVSS v3.1 Base Score |
7.8 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C |
| CWE: |
CWE-416: Use After Free |
| CVSS v3.1 Base Score |
3.3 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C |
| CWE: |
CWE-824: Access of Uninitialized Pointer |
| CVSS v3.1 Base Score |
7.8 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C |
| CWE: |
CWE-416: Use After Free |
| CVSS v3.1 Base Score |
7.8 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C |
| CWE: |
CWE-416: Use After Free |
-
xina1i
for reporting vulnerabilities CVE-2021-37202 and CVE-2021-37203
-
Trend Micro Zero Day Initiative
for coordinated disclosure of CVE-2021-41533 through CVE-2021-41540
https://www.siemens.com/cert/advisories