CVE-2021-37202

{"id": "CVE-2021-37202", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-09-14T11:15:26.397", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en NX 1980 Series (Todas las versiones anteriores a V1984), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP8). El adaptador IFC de la aplicaci\u00f3n afectada contiene una vulnerabilidad de uso despu\u00e9s de libre que podr\u00eda activarse mientras se analizan los archivos IFC suministrados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "lastModified": "2021-11-18T16:08:06.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:nx_1980:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A09766-0171-4DDA-9BF9-D379DA134571", "versionEndExcluding": "1984"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "576A303A-66CA-4694-AA54-9EB0137C24F1", "versionEndExcluding": "se2021"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D237BD-EE55-4B40-ABC3-194C4BF7C6CD"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49F5649A-349C-42C6-AFFF-CEE1ABC14E67"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756343AA-DB57-40F7-94FA-84BFCDEB6159"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36B0DD28-653E-4069-AB5A-38F8EFEB36CA"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82090774-D894-41C8-82F1-A48A8707E9BB"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD346D22-9B5D-4A50-94E2-1F5C8D391EC3"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1466AEE0-4A5C-4E2D-80B8-43680F60FC31"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4173D09-C317-45FF-ABA4-39E5592862F8"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}