VDB
ICSA-21-287-06
ICSA-21-287-06
PUBLISHED
CVSS 7.800000190734863 HIGH
Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution on the target host system. Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solid Edge SE2021 |
Timeline
- Sep 28, 2021 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-728618.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-728618.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-287-06.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-06 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url