Skip to main content

Solid Edge CVE-2021-41538

LOW
Access of Uninitialized Pointer (CWE-824)
2021-09-28 productcert@siemens.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 28, 2021 - 12:15 nvd
LOW 3.3

DescriptionNVD

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

AnalysisAI

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-824. A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770). Affected products include: Siemens Solid Edge, Siemens Nx 1984 Firmware, Siemens Nx 1988 Firmware, Siemens Nx 1957 Firmware, Siemens Nx 1961 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-40741 HIGH
7.8 Jul 08

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications con

CVE-2025-40740 HIGH
7.8 Jul 08

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications con

CVE-2025-40739 HIGH
7.8 Jul 08

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications con

CVE-2023-39549 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). Rated high severity (CVSS 7.8

CVE-2023-39419 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39188 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39187 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39186 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39185 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39184 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39183 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

CVE-2023-39182 HIGH
7.8 Aug 08

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8

Share

CVE-2021-41538 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy