Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-27041
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:06:06",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-27041",
"datePublished": "2021-06-25T12:41:13",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27041\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2021-06-25T13:15:08.217\",\"lastModified\":\"2024-11-21T05:57:14.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code\"},{\"lang\":\"es\",\"value\":\"Un archivo DWG malicioso puede ser utilizado para escribir m\u00e1s all\u00e1 del buffer asignado mientras se analizan los archivos DWG. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"DDC0E547-C366-4A0E-95DE-EC420492E698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"B8319413-E093-4931-B2DB-A46522DF93C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"0B350B87-23EC-44F8-9A5F-9AC815E15BD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"CAE14E69-8BCB-4E00-8BAB-CB7F1688DC27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"A084A960-35D8-4B9C-87DE-0213CA40CAD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"20EE0BDC-3A97-4CD4-A232-922F8D613856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"5FDD2042-5313-4658-AA4E-109684E91C43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"FE031BD1-9F02-44C2-865E-2011511B36F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"0A51CDDA-0D83-4331-9AB6-F6ED076157F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"143F8B16-E253-477E-9875-94928BE5596B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"607A4804-A286-4237-82C3-8BE98662AE20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndIncluding\":\"2022.0.1\",\"matchCriteriaId\":\"967B286E-5E73-47E3-BC2F-951E26720370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"64C50E3E-8EFA-4B0D-B284-CF8FE4129866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"CBD4F808-CA46-4A8E-82DD-6D1A82DDF91C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"DFD09E68-2C34-4E76-9B67-868FA6E825A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"08BC587D-E4C7-4758-8AF5-1970892C35C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"282A07AC-8D43-4580-8D2E-8E30370049F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"E37E4967-AC88-42D6-98C2-1BA63F20BD5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"49512EB3-DE17-45FF-AB90-2966462A9C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"01A870BA-E78E-4975-BF6D-7D410BE8CD6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"6EF85630-3DDC-4026-AC5A-F1B197F98C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"F5309100-B3E9-4144-AEA3-B9030E93FD78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"954682D1-2E7A-4EAB-B4B8-43E2038EB7C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"1016D7F3-2780-4412-A7AA-361B44A8632E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"A3D0B0D7-FC6F-43D8-85AA-AC0BD464E5A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"AF6DF983-6772-45D4-A82A-EE1BB2EEFD4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"F7ABD866-E08B-42F3-A19A-5574563AA540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"6716F29E-FBA2-4178-A8AE-269D9CC5AC59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"372905FF-2C9B-4366-BE56-36CACDA63BCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"D2F1DCEB-7ABB-4109-943A-E2DEFB17D330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"EA49E2B8-CBF5-4F6E-A832-D1FDB597FADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"8CF7601F-D6A3-4CD6-961D-B8B1B82E29CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"5F285B8D-585C-4C23-98FA-E09DE53C8247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"A10D9CEE-D92D-470D-928F-8F90243618EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"0199953B-BCAC-405E-BDC6-951BEAE01570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"FBDFDF50-5230-41F1-B380-AD3EC4B53DB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndExcluding\":\"2019.1.3\",\"matchCriteriaId\":\"F6A3326B-382B-4137-B0E7-0D54E825B717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2020\",\"versionEndExcluding\":\"2020.1.4\",\"matchCriteriaId\":\"48F67A57-7528-406B-9BF1-6A963F732564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2021\",\"versionEndExcluding\":\"2021.1.1\",\"matchCriteriaId\":\"825FC323-CAE7-4B39-85AD-966980D30D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2022\",\"versionEndExcluding\":\"2022.0.1\",\"matchCriteriaId\":\"F430EA73-2B9F-42D9-9005-42F439ABF63C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"213232B9-A40B-436D-A66A-B65C49D59BE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"84ED1789-A17F-48F7-A152-09D2A5C59254\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*\",\"matchCriteriaId\":\"74819924-EB63-4BBF-9986-FEF6100EEE15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"100922EF-C773-4798-B352-B16FCAD48F36\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.97\",\"matchCriteriaId\":\"EC66E916-D8A4-475B-A7E3-4E2FEF46A7B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.04e\",\"matchCriteriaId\":\"AAE9E820-2348-4895-9F7D-96071747109D\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
fkie_cve-2021-27041
Vulnerability from fkie_nvd
Published
2021-06-25 13:15
Modified
2024-11-21 05:57
Severity ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC0E547-C366-4A0E-95DE-EC420492E698",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8319413-E093-4931-B2DB-A46522DF93C9",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B350B87-23EC-44F8-9A5F-9AC815E15BD9",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE14E69-8BCB-4E00-8BAB-CB7F1688DC27",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A084A960-35D8-4B9C-87DE-0213CA40CAD8",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20EE0BDC-3A97-4CD4-A232-922F8D613856",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDD2042-5313-4658-AA4E-109684E91C43",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE031BD1-9F02-44C2-865E-2011511B36F5",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A51CDDA-0D83-4331-9AB6-F6ED076157F6",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143F8B16-E253-477E-9875-94928BE5596B",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607A4804-A286-4237-82C3-8BE98662AE20",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "967B286E-5E73-47E3-BC2F-951E26720370",
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C50E3E-8EFA-4B0D-B284-CF8FE4129866",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD4F808-CA46-4A8E-82DD-6D1A82DDF91C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD09E68-2C34-4E76-9B67-868FA6E825A6",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08BC587D-E4C7-4758-8AF5-1970892C35C8",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282A07AC-8D43-4580-8D2E-8E30370049F3",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E37E4967-AC88-42D6-98C2-1BA63F20BD5C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49512EB3-DE17-45FF-AB90-2966462A9C3C",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A870BA-E78E-4975-BF6D-7D410BE8CD6C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF85630-3DDC-4026-AC5A-F1B197F98C9E",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5309100-B3E9-4144-AEA3-B9030E93FD78",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "954682D1-2E7A-4EAB-B4B8-43E2038EB7C7",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1016D7F3-2780-4412-A7AA-361B44A8632E",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D0B0D7-FC6F-43D8-85AA-AC0BD464E5A1",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6DF983-6772-45D4-A82A-EE1BB2EEFD4F",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ABD866-E08B-42F3-A19A-5574563AA540",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716F29E-FBA2-4178-A8AE-269D9CC5AC59",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "372905FF-2C9B-4366-BE56-36CACDA63BCD",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F1DCEB-7ABB-4109-943A-E2DEFB17D330",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA49E2B8-CBF5-4F6E-A832-D1FDB597FADE",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF7601F-D6A3-4CD6-961D-B8B1B82E29CE",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F285B8D-585C-4C23-98FA-E09DE53C8247",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10D9CEE-D92D-470D-928F-8F90243618EE",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0199953B-BCAC-405E-BDC6-951BEAE01570",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDFDF50-5230-41F1-B380-AD3EC4B53DB7",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3326B-382B-4137-B0E7-0D54E825B717",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48F67A57-7528-406B-9BF1-6A963F732564",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825FC323-CAE7-4B39-85AD-966980D30D89",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F430EA73-2B9F-42D9-9005-42F439ABF63C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC66E916-D8A4-475B-A7E3-4E2FEF46A7B9",
"versionEndIncluding": "10.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE9E820-2348-4895-9F7D-96071747109D",
"versionEndIncluding": "4.04e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
},
{
"lang": "es",
"value": "Un archivo DWG malicioso puede ser utilizado para escribir m\u00e1s all\u00e1 del buffer asignado mientras se analizan los archivos DWG. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-27041",
"lastModified": "2024-11-21T05:57:14.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T13:15:08.217",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202106-1814
Vulnerability from variot
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040 Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "autocad",
"scope": null,
"trust": 2.1,
"vendor": "autodesk",
"version": null
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "civil 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "civil 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "civil 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad mep",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad mep",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "advance steel",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "advance steel",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "civil 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "advance steel",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad lt",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "advance steel",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "civil 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "design review",
"scope": "eq",
"trust": 1.0,
"vendor": "autodesk",
"version": "2018"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad mep",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad lt",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad mep",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "advance steel",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "civil 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad lt",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad mep",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "mc works64",
"scope": "lte",
"trust": 1.0,
"vendor": "mitsubishielectric",
"version": "4.04e"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad mep",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "advance steel",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "autocad",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad mep",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "lte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad plant 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad electrical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad lt",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad lt",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "autocad mep",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad lt",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "advance steel",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022.0.1"
},
{
"_id": null,
"model": "autocad lt",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020.1.4"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019.1.3"
},
{
"_id": null,
"model": "autocad architecture",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "autocad lt",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021"
},
{
"_id": null,
"model": "genesis64",
"scope": "lte",
"trust": 1.0,
"vendor": "iconics",
"version": "10.97"
},
{
"_id": null,
"model": "autocad map 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "advance steel",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2020"
},
{
"_id": null,
"model": "civil 3d",
"scope": "lt",
"trust": 1.0,
"vendor": "autodesk",
"version": "2021.1.1"
},
{
"_id": null,
"model": "civil 3d",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2022"
},
{
"_id": null,
"model": "autocad mechanical",
"scope": "gte",
"trust": 1.0,
"vendor": "autodesk",
"version": "2019"
},
{
"_id": null,
"model": "genesis64",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "mc works64",
"scope": null,
"trust": 0.8,
"vendor": "\u4e09\u83f1\u96fb\u6a5f",
"version": null
},
{
"_id": null,
"model": "genesis64",
"scope": null,
"trust": 0.7,
"vendor": "iconics",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "NVD",
"id": "CVE-2021-27041"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.04e",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27041"
}
]
},
"credits": {
"_id": null,
"data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
}
],
"trust": 2.1
},
"cve": "CVE-2021-27041",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-27041",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-27041",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-27041",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-003350",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2021-27041",
"trust": 2.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27041",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-003350",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1568",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1568"
},
{
"db": "NVD",
"id": "CVE-2021-27041"
}
]
},
"description": {
"_id": null,
"data": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.* Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040* Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27041"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 4.68
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-27041",
"trust": 5.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-294-01",
"trust": 1.4
},
{
"db": "ZDI",
"id": "ZDI-21-714",
"trust": 1.3
},
{
"db": "ZDI",
"id": "ZDI-21-1237",
"trust": 1.3
},
{
"db": "ZDI",
"id": "ZDI-22-478",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU94862669",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12281",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12181",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-21-713",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14064",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-15565",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102205",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042625",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062421",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3527",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1568",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1568"
},
{
"db": "NVD",
"id": "CVE-2021-27041"
}
]
},
"id": "VAR-202106-1814",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.685964935
},
"last_update_date": "2022-05-14T20:19:01.789000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Autodesk has issued an update to correct this vulnerability.",
"trust": 1.4,
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"title": "GENESIS64 and MC\u00a0Works64 of AutoCAD(DWG) Information leakage and malicious program execution vulnerability in file import function",
"trust": 0.8,
"url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-017.pdf"
},
{
"title": "ICONICS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
},
{
"title": "Autodesk has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
},
{
"title": "Autodesk AutoCAD Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155361"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1568"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "NVD",
"id": "CVE-2021-27041"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"trust": 2.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
},
{
"trust": 1.6,
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"trust": 1.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1237/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94862669/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27041"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27040"
},
{
"trust": 0.7,
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062421"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040706"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3527"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-478/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-714/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042625"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102205"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/iconics-genesis64-three-vulnerabilities-36698"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-21-1237"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1568"
},
{
"db": "NVD",
"id": "CVE-2021-27041"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-714",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-713",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-1237",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-22-478",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003350",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1568",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-27041",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-06-22T00:00:00",
"db": "ZDI",
"id": "ZDI-21-714",
"ident": null
},
{
"date": "2021-06-22T00:00:00",
"db": "ZDI",
"id": "ZDI-21-713",
"ident": null
},
{
"date": "2021-10-28T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1237",
"ident": null
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-478",
"ident": null
},
{
"date": "2021-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003350",
"ident": null
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1568",
"ident": null
},
{
"date": "2021-06-25T13:15:00",
"db": "NVD",
"id": "CVE-2021-27041",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-22T00:00:00",
"db": "ZDI",
"id": "ZDI-21-714",
"ident": null
},
{
"date": "2021-06-22T00:00:00",
"db": "ZDI",
"id": "ZDI-21-713",
"ident": null
},
{
"date": "2021-10-28T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1237",
"ident": null
},
{
"date": "2022-03-07T00:00:00",
"db": "ZDI",
"id": "ZDI-22-478",
"ident": null
},
{
"date": "2021-11-26T02:40:00",
"db": "JVNDB",
"id": "JVNDB-2021-003350",
"ident": null
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2022-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1568",
"ident": null
},
{
"date": "2022-05-13T17:37:00",
"db": "NVD",
"id": "CVE-2021-27041",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1568"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-714"
},
{
"db": "ZDI",
"id": "ZDI-21-713"
},
{
"db": "ZDI",
"id": "ZDI-22-478"
}
],
"trust": 2.1
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
ICSA-21-294-01
Vulnerability from csaf_cisa
Published
2021-10-21 00:00
Modified
2021-10-21 00:00
Summary
ICONICS GENESIS64 and Mitsubishi Electric MC Works64
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in remote code execution.
Critical infrastructure sectors
Multiple including Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.
{
"document": {
"acknowledgments": [
{
"names": [
"Michael DePlante"
],
"organization": "Trend Micro \u0027s Zero Day Initiative",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in remote code execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple including Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-294-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-294-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-294-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-294-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICONICS GENESIS64 and Mitsubishi Electric MC Works64",
"tracking": {
"current_release_date": "2021-10-21T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-294-01",
"initial_release_date": "2021-10-21T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-10-21T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-294-01 ICONICS GENESIS64 and Mitsubishi Electric MC Works64"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 10.97",
"product": {
"name": "GENESIS64: (all versions up to and including 10.97)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "GENESIS64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.04E",
"product": {
"name": "MC Works64: (all version of MC Works64 up to and including Version 4.04E)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "MC Works64"
}
],
"category": "vendor",
"name": "ICONICS, Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27041",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A lack of proper validation of user-supplied data may result in a write past the end of an allocated data structure. User interaction is required to exploit this vulnerability as the target must attempt to import a malicious AutoCAD DWG file into GraphWorX64.CVE-2021-27041 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27041"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing Critical Fix Rollups or patches for these products. GENESIS64 Version 10.97.1 and later will not be vulnerable to this exploit.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "When importing any AutoCad DWG file, make sure it is known to come from a trusted source.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Install the applicable Critical Fix Rollup, when available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "ICONICS provides information and useful links related to its security updates at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric provides information and useful links related to this security update at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-017_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-27040",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A lack of proper validation of user-supplied data may allow reading past the end of an allocated data structure. User interaction is required to exploit this vulnerability as the target must visit a malicious page or open a malicious file.CVE-2021-27040 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27040"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing Critical Fix Rollups or patches for these products. GENESIS64 Version 10.97.1 and later will not be vulnerable to this exploit.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "When importing any AutoCad DWG file, make sure it is known to come from a trusted source.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Install the applicable Critical Fix Rollup, when available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "ICONICS provides information and useful links related to its security updates at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric provides information and useful links related to this security update at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-017_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
icsa-21-294-01
Vulnerability from csaf_cisa
Published
2021-10-21 00:00
Modified
2021-10-21 00:00
Summary
ICONICS GENESIS64 and Mitsubishi Electric MC Works64
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in remote code execution.
Critical infrastructure sectors
Multiple including Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.
{
"document": {
"acknowledgments": [
{
"names": [
"Michael DePlante"
],
"organization": "Trend Micro \u0027s Zero Day Initiative",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in remote code execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple including Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-294-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-294-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-294-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-294-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICONICS GENESIS64 and Mitsubishi Electric MC Works64",
"tracking": {
"current_release_date": "2021-10-21T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-294-01",
"initial_release_date": "2021-10-21T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-10-21T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-294-01 ICONICS GENESIS64 and Mitsubishi Electric MC Works64"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 10.97",
"product": {
"name": "GENESIS64: (all versions up to and including 10.97)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "GENESIS64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 4.04E",
"product": {
"name": "MC Works64: (all version of MC Works64 up to and including Version 4.04E)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "MC Works64"
}
],
"category": "vendor",
"name": "ICONICS, Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27041",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A lack of proper validation of user-supplied data may result in a write past the end of an allocated data structure. User interaction is required to exploit this vulnerability as the target must attempt to import a malicious AutoCAD DWG file into GraphWorX64.CVE-2021-27041 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27041"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing Critical Fix Rollups or patches for these products. GENESIS64 Version 10.97.1 and later will not be vulnerable to this exploit.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "When importing any AutoCad DWG file, make sure it is known to come from a trusted source.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Install the applicable Critical Fix Rollup, when available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "ICONICS provides information and useful links related to its security updates at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric provides information and useful links related to this security update at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-017_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-27040",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A lack of proper validation of user-supplied data may allow reading past the end of an allocated data structure. User interaction is required to exploit this vulnerability as the target must visit a malicious page or open a malicious file.CVE-2021-27040 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27040"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing Critical Fix Rollups or patches for these products. GENESIS64 Version 10.97.1 and later will not be vulnerable to this exploit.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Use a firewall. Place control system networks and devices behind firewalls and isolate them from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Do not click web links or open unsolicited attachments in email messages.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "When importing any AutoCad DWG file, make sure it is known to come from a trusted source.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Install the applicable Critical Fix Rollup, when available.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "ICONICS provides information and useful links related to its security updates at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://www.iconics.com/certs"
},
{
"category": "mitigation",
"details": "Mitsubishi Electric provides information and useful links related to this security update at its company website.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-017_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
gsd-2021-27041
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-27041",
"description": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.",
"id": "GSD-2021-27041"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27041"
],
"details": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code",
"id": "GSD-2021-27041",
"modified": "2023-12-13T01:23:35.494413Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.97",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.04e",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27041"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-05-13T17:37Z",
"publishedDate": "2021-06-25T13:15Z"
}
}
}
ghsa-6wwm-622g-84wc
Vulnerability from github
Published
2022-05-24 19:06
Modified
2022-05-24 19:06
Severity ?
Details
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-27041"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-25T13:15:00Z",
"severity": "HIGH"
},
"details": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.",
"id": "GHSA-6wwm-622g-84wc",
"modified": "2022-05-24T19:06:19Z",
"published": "2022-05-24T19:06:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27041"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1237"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-478"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.