CVE-2021-37180

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13775)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemensCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf
https://www.zerodayinitiative.com/advisories/ZDI-21-1113/
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf
https://www.zerodayinitiative.com/advisories/ZDI-21-1113/