CVE-2020-28382

Published Jan 12, 2021

Last updated 3 years ago

CVSS high 7.8

Overview

Description: A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787
productcert@siemens.com: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AF39DFE-A31B-4324-BB62-0B446ACA04B7",
            "versionEndExcluding": "se2020"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07440B76-B975-4946-8A97-38C564D240E4"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F0A748E-BB6F-4604-8024-F50DC0C20EAF"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F37267-6B37-46A4-B9F9-4264BEC922D1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB1DC54B-E715-4425-B6B6-900F2CFBCE03"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F495722-39BD-4BA1-A643-C7D0BA81CC21"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B776512-BF3D-4F70-BD58-AFF8E1B03EE2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99E05299-50FD-4292-9978-8E05C1483FE2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2447D05B-2634-4895-B7B0-6F7DBB9D2EC2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBBD39F3-790F-4017-A57E-6EFC314F0557"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4387BFA-8A98-433E-9EF7-B29226C195A7"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E380F66-C11C-472B-9B71-7CB4AF4FABDC"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2020:maintenance_pack9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CF4ACE1-B069-4007-8142-7F90015BBE9D"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39D237BD-EE55-4B40-ABC3-194C4BF7C6CD"
          },
          {
            "criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49F5649A-349C-42C6-AFFF-CEE1ABC14E67"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References