cvelistv5 - CVE-2021-27044

CVE-2021-27044 (GCVE-0-2021-27044)

Vulnerability from cvelistv5

Published

2021-09-15 14:11

Modified

2024-08-03 20:40

Severity ?

CWE

Out-Of-Bounds Read Vulnerability

Summary

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

References

URL

	Vendor	Product	Version
	n/a	Autodesk FBX Review	Version: 1.5.0

fkie_cve-2021-27044

Vulnerability from fkie_nvd

Published

2021-09-15 15:15

Modified

2024-11-21 05:57

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

References

	URL	Tags
	psirt@autodesk.com	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	autodesk	fbx_review	1.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autodesk:fbx_review:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C272F6-0D0A-41B4-AEB0-24C25A0BBE98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escritura fuera de l\u00edmites en Autodesk FBX Review versi\u00f3n 1.5.0 y anteriores, puede conllevar una ejecuci\u00f3n de c\u00f3digo mediante archivos DLL maliciosamente dise\u00f1ados o una divulgaci\u00f3n de informaci\u00f3n"
    }
  ],
  "id": "CVE-2021-27044",
  "lastModified": "2024-11-21T05:57:14.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-15T15:15:07.737",
  "references": [
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
    }
  ],
  "sourceIdentifier": "psirt@autodesk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2021-27044

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Aliases

CVE-2021-27044

Aliases

CVE-2021-27044

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27044",
    "description": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.",
    "id": "GSD-2021-27044"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27044"
      ],
      "details": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.",
      "id": "GSD-2021-27044",
      "modified": "2023-12-13T01:23:35.846013Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@autodesk.com",
        "ID": "CVE-2021-27044",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Autodesk FBX Review",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-Of-Bounds Read Vulnerability "
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
            "refsource": "MISC",
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:fbx_review:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27044"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                },
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-25T18:17Z",
      "publishedDate": "2021-09-15T15:15Z"
    }
  }
}

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1
Siemens	N/A	TIA Portal V18 versions antérieures à V18 Update 1
Siemens	N/A	TeleControl Server Basic V3
Siemens	N/A	Polarion ALM versions antérieures à V2304.0
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	TIA Portal V15, V16 et V17
Siemens	N/A	JT2Go versions antérieures à V14.2.0.2
Siemens	N/A	De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète
Siemens	N/A	SIMATIC S7-400 PN/DP CPU family
Siemens	N/A	Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13
Siemens	N/A	Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1
Siemens	N/A	Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1
Siemens	N/A	SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17
Siemens	N/A	SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53
Siemens	N/A	Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5
Siemens	N/A	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2
Siemens	N/A	JT Open versions antérieures à V11.3.2.0
Siemens	N/A	Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2
Siemens	N/A	Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1
Siemens	N/A	JT Utilities versions antérieures à V13.3.0.0
Siemens	N/A	Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9
Siemens	N/A	OpenPCS 7 V9.1
Siemens	N/A	SIMATIC S7-300 CPU family versions antérieures à V3.X.18
Siemens	N/A	Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-699404 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-479249 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-572164 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-691715 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-511182 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-566905 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-642810 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-603476 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-813746 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-629917 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-558014 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-322980 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-116924 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-632164 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-472454 du 11 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TeleControl Server Basic V3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15, V16 et V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU family",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2023-28828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
    },
    {
      "name": "CVE-2016-8673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2023-28766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
    },
    {
      "name": "CVE-2021-27044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
    },
    {
      "name": "CVE-2022-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2023-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
    },
    {
      "name": "CVE-2023-28489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
    },
    {
      "name": "CVE-2022-43767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
    },
    {
      "name": "CVE-2022-44725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
    },
    {
      "name": "CVE-2023-29054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
    },
    {
      "name": "CVE-2023-23588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
    },
    {
      "name": "CVE-2021-46828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
    },
    {
      "name": "CVE-2016-8672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
    },
    {
      "name": "CVE-2023-26293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
    },
    {
      "name": "CVE-2022-40674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
    },
    {
      "name": "CVE-2022-43716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
    },
    {
      "name": "CVE-2022-43768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
    },
    {
      "name": "CVE-2023-27464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2023-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    }
  ],
  "initial_release_date": "2023-04-11T00:00:00",
  "last_revision_date": "2023-04-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0298",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
    }
  ]
}

ghsa-hcvx-9jxc-j8w3

Vulnerability from github

Published

2022-05-24 19:14

Modified

2022-05-24 19:14

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-15T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.",
  "id": "GHSA-hcvx-9jxc-j8w3",
  "modified": "2022-05-24T19:14:38Z",
  "published": "2022-05-24T19:14:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27044"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2021-99304

Vulnerability from cnvd

Title

Autodesk FBX Review越界读写漏洞（CNVD-2021-99304）

Description

Autodesk FBX Review是一款用于查看3D资产和动画的轻量级独立工具。 Autodesk FBX Review 1.4.0版存在越界读写漏洞。攻击者可通过特制DLL文件利用该漏洞实现远程代码执行或获取信息。

Severity

中

Patch Name

Autodesk FBX Review越界读写漏洞（CNVD-2021-99304）的补丁

Patch Description

Autodesk FBX Review是一款用于查看3D资产和动画的轻量级独立工具。 Autodesk FBX Review 1.4.0版存在越界读写漏洞。攻击者可通过特制DLL文件利用该漏洞实现远程代码执行或获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-27044

Impacted products

Name
Autodesk Autodesk FBX Review 1.4.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-27044",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-27044"
    }
  },
  "description": "Autodesk FBX Review\u662f\u4e00\u6b3e\u7528\u4e8e\u67e5\u770b3D\u8d44\u4ea7\u548c\u52a8\u753b\u7684\u8f7b\u91cf\u7ea7\u72ec\u7acb\u5de5\u5177\u3002\n\nAutodesk FBX Review 1.4.0\u7248\u5b58\u5728\u8d8a\u754c\u8bfb\u5199\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236DLL\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6216\u83b7\u53d6\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-99304",
  "openTime": "2021-12-13",
  "patchDescription": "Autodesk FBX Review\u662f\u4e00\u6b3e\u7528\u4e8e\u67e5\u770b3D\u8d44\u4ea7\u548c\u52a8\u753b\u7684\u8f7b\u91cf\u7ea7\u72ec\u7acb\u5de5\u5177\u3002\r\n\r\nAutodesk FBX Review 1.4.0\u7248\u5b58\u5728\u8d8a\u754c\u8bfb\u5199\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236DLL\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6216\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Autodesk FBX Review\u8d8a\u754c\u8bfb\u5199\u6f0f\u6d1e\uff08CNVD-2021-99304\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Autodesk Autodesk FBX Review 1.4.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-27044",
  "serverity": "\u4e2d",
  "submitTime": "2021-09-16",
  "title": "Autodesk FBX Review\u8d8a\u754c\u8bfb\u5199\u6f0f\u6d1e\uff08CNVD-2021-99304\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-27044 (GCVE-0-2021-27044)

Vulnerability from cvelistv5

fkie_cve-2021-27044

Vulnerability from fkie_nvd

gsd-2021-27044

Vulnerability from gsd

CERTFR-2023-AVI-0298

Vulnerability from certfr_avis

Solution

ghsa-hcvx-9jxc-j8w3

Vulnerability from github

cnvd-2021-99304

Vulnerability from cnvd

Tags

Sightings

Nomenclature