ID

VAR-202112-0734


CVE

CVE-2021-42024


TITLE

Out-of-bounds write vulnerability in Simcenter STAR-CCM+ Viewer

Trust: 0.8

sources: JVNDB: JVNDB-2021-016333

DESCRIPTION

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. Simcenter STAR-CCM+ Viewer contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

Trust: 1.62

sources: NVD: CVE-2021-42024 // JVNDB: JVNDB-2021-016333

AFFECTED PRODUCTS

vendor: siemens
model: simcenter star-ccm+ viewer
scope: lt
version: 2021.3.1

Trust: 1.0

vendor: Siemens
model: simcenter star-ccm+ viewer
scope: eq
version: -

Trust: 0.8

vendor: Siemens
model: simcenter star-ccm+ viewer
scope: eq
version: 2021.3.1

Trust: 0.8

sources: JVNDB: JVNDB-2021-016333 // NVD: CVE-2021-42024

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-42024
value: HIGH

Trust: 1.0

NVD: CVE-2021-42024
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-1190
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2021-42024
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2021-42024
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-42024
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-016333 // CNNVD: CNNVD-202112-1190 // NVD: CVE-2021-42024

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016333 // NVD: CVE-2021-42024

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-1190

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-1190

PATCH

title: SSA-161331
url: http://bugs.exim.org/show_bug.cgi?id=1106

Trust: 0.8

title: Siemens Simcenter STAR-CCM+ Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175049

Trust: 0.6

sources: JVNDB: JVNDB-2021-016333 // CNNVD: CNNVD-202112-1190

EXTERNAL IDS

db: NVD, id: CVE-2021-42024

Trust: 3.2

db: SIEMENS, id: SSA-161331

Trust: 1.6

db: ICS CERT, id: ICSA-21-350-15

Trust: 1.4

db: JVN, id: JVNVU96592426

Trust: 0.8

db: JVNDB, id: JVNDB-2021-016333

Trust: 0.8

db: CS-HELP, id: SB2022010507

Trust: 0.6

db: CNNVD, id: CNNVD-202112-1190

Trust: 0.6

sources: JVNDB: JVNDB-2021-016333 // CNNVD: CNNVD-202112-1190 // NVD: CVE-2021-42024

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-42024

Trust: 1.4

url: https://jvn.jp/vu/jvnvu96592426/index.html

Trust: 0.8

url: https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-15

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2022010507

Trust: 0.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-350-15

Trust: 0.6

sources: JVNDB: JVNDB-2021-016333 // CNNVD: CNNVD-202112-1190 // NVD: CVE-2021-42024

CREDITS

Jin Huang of ADLab of Venustech reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202112-1190

SOURCES

db: JVNDB, id: JVNDB-2021-016333
db: CNNVD, id: CNNVD-202112-1190
db: NVD, id: CVE-2021-42024

LAST UPDATE DATE

2024-11-23T21:12:03.799000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-016333, date: 2022-12-12T06:55:00
db: CNNVD, id: CNNVD-202112-1190, date: 2022-01-06T00:00:00
db: NVD, id: CVE-2021-42024, date: 2024-11-21T06:27:06.280

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-016333, date: 2022-12-12T00:00:00
db: CNNVD, id: CNNVD-202112-1190, date: 2021-12-14T00:00:00
db: NVD, id: CVE-2021-42024, date: 2021-12-14T12:15:09.983