CVE-2021-44000

Description

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf	patch vendor advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-335/	vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-44000?: CVE-2021-44000 has been scored as a high severity vulnerability.
How to fix CVE-2021-44000?: To fix CVE-2021-44000, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-44000 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-44000 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-44000?: CVE-2021-44000 affects Siemens JT2Go, Siemens Solid Edge SE2021, Siemens Solid Edge SE2022, Siemens Teamcenter Visualization V13.1, Siemens Teamcenter Visualization V13.2, Siemens Teamcenter Visualization V13.3.

Description

Categories

CWE-122 – Heap-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions