CVE-2021-25175
Severity CVSS v4.0:
Pending analysis
Type:
CWE-704
Incorrect Type Conversion or Cast
Publication date:
18/01/2021
Last modified:
08/04/2022
Description
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:* | 2021.11 (excluding) | |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 10.4.1 (excluding) | |
| cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:* | 13.1.0.1 (excluding) | |
| cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:* | 13.1.0.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf
- https://www.opendesign.com/security-advisories
- https://www.zerodayinitiative.com/advisories/ZDI-21-218/
- https://www.zerodayinitiative.com/advisories/ZDI-21-223/
- https://www.zerodayinitiative.com/advisories/ZDI-21-224/
- https://www.zerodayinitiative.com/advisories/ZDI-21-244/
- https://www.zerodayinitiative.com/advisories/ZDI-21-245/
- https://www.zerodayinitiative.com/advisories/ZDI-21-246/