CVE-2021-41538
3.3 LOWA vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE20...
Published: 2021-09-28 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 3.3 LOW
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- CWE
- CWE-824
Affected products
| Vendor | Product |
|---|---|
| siemens | nx_1957_firmware, nx_1961_firmware, nx_1965_firmware |
Description
A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41538
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf
- [Other]https://www.zerodayinitiative.com/advisories/ZDI-21-1122/
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf
- [Patch]https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf
- [Other]https://www.zerodayinitiative.com/advisories/ZDI-21-1122/
Related CVEs
Same vendor
- CVE-2026-46749 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (7.5 HIGH)
- CVE-2026-46748 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
- CVE-2026-46747 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (4.3 MEDIUM)
- CVE-2026-46746 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
- CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
Same CWE
- CVE-2026-47908 — Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbit... (7.8 HIGH)
- CVE-2026-47320 — Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversiz... (6.1 MEDIUM)
- CVE-2026-42959 — NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a cr... (7.5 HIGH)
- CVE-2026-2100 — A flaw was found in p11-kit (5.3 MEDIUM)
- CVE-2025-66588 — In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability can be exploited by an attacker which ... (7.8 HIGH)