Type Confusion in Siemens products - CVE-2021-25177
Published: February 11, 2021
Siemens
Drawings SDK
Teamcenter Visualization
JT2Go
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when rendering malformed DXF and DWG files. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.