CVE-2021-43336

{"id": "CVE-2021-43336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-11-14T21:15:08.263", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-334/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escritura fuera de l\u00edmites cuando es le\u00eddo un archivo DXF usando Open Design Alliance Drawings SDK versiones anteriores a 2022.11. El problema espec\u00edfico es presentado dentro del an\u00e1lisis de los archivos DXF. Los datos dise\u00f1ados en un archivo DXF (un n\u00famero no v\u00e1lido de propiedades) pueden desencadenar una operaci\u00f3n de escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "lastModified": "2023-02-24T15:53:38.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2517E46B-54DB-49E1-88DB-905365792054", "versionEndExcluding": "2022.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C51D6378-471B-45B2-9666-1AA4FB509E7A"}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2022:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61866294-2060-457C-9CBE-8AEAF03973F6"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAAA3630-3C59-43E8-9793-B3DD3276B58C", "versionEndExcluding": "12.4.0.13", "versionStartIncluding": "12.4.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFBB1E39-FCCF-4F33-ADB4-74849D0E65CB", "versionEndExcluding": "13.3.0.1", "versionStartIncluding": "13.2.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:13.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A817DDD3-A448-46FE-8232-21E307A677F9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}