Rewterz Threat Advisory – CVE-2021-33698 – SAP Business One Security Vulnerability
August 11, 2021
Rewterz Threat Advisory – ICS: Multiple Siemens SIMATIC NET CP Vulnerability
August 11, 2021
Severity
High
Analysis Summary
CVE-2021-37178
An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted XML file.
CVE-2021-37179
The PSKERNEL.DLL library in the affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-37180
The PSKERNEL.DLL library lacks proper validation while parsing user-supplied OBJ files that could cause an out-of-bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process.
Impact
- Code Execution
- Data Exfiltration
Affected Vendors
Siemens
Affected Products
- Solid Edge SE2021: All versions prior to SE2021MP7
Remediation
Refer to CISA advisory for the complete list of affected products and their respective patches at