{"containers": {"cna": {"affected": [{"product": "Solid Edge SE2020", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All Versions < SE2020MP13"}]}, {"product": "Solid Edge SE2021", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All Versions < SE2021MP3"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-22T20:42:20.000Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-28387", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Solid Edge SE2020", "version": {"version_data": [{"version_value": "All Versions < SE2020MP13"}]}}, {"product_name": "Solid Edge SE2021", "version": {"version_data": [{"version_value": "All Versions < SE2021MP3"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-611: Improper Restriction of XML External Entity Reference"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:59.035Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-28387", "datePublished": "2021-03-15T17:03:30.000Z", "dateReserved": "2020-11-10T00:00:00.000Z", "dateUpdated": "2024-08-04T16:33:59.035Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", "matchCriteriaId": "576A303A-66CA-4694-AA54-9EB0137C24F1", "versionEndExcluding": "se2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:-:*:*:*:*:*:*", "matchCriteriaId": "39D237BD-EE55-4B40-ABC3-194C4BF7C6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:solid_edge:se2021:maintenance_pack1:*:*:*:*:*:*", "matchCriteriaId": "49F5649A-349C-42C6-AFFF-CEE1ABC14E67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Solid Edge SE2020 (Todas las versiones anteriores a SE2020MP13), Solid Edge SE2021 (Todas las versiones anteriores a SE2021MP3).&#xa0;Cuando se abre un archivo SEECTCXML especialmente dise\u00f1ado, la aplicaci\u00f3n podr\u00eda divulgar archivos arbitrarios a atacantes remotos.&#xa0;Esto es debido al paso de contenido especialmente dise\u00f1ado hacia el analizador XML subyacente sin tomar las restricciones apropiadas, como prohibir un dtd externo.&#xa0;(ZDI?CAN?11923)"}], "id": "CVE-2020-28387", "lastModified": "2024-11-21T05:22:42.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-15T17:15:20.660", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}

{}