Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe

Filtered by product Solid Edge Se2021 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-37178	1 Siemens	2 Solid Edge Se2021, Solid Edge Se2021 Firmware	2021-08-20	4.3 MEDIUM	5.5 MEDIUM
A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.
CVE-2021-27492	3 Datakit, Luxion, Siemens	6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more	2021-06-09	4.3 MEDIUM	5.5 MEDIUM
When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.