CVE-2021-25175
📋 TL;DR
A type conversion vulnerability in Open Design Alliance Drawings SDK allows attackers to crash applications by providing malformed .DXF or .DWG files. This enables denial of service attacks against systems using vulnerable versions of the SDK. Affected are applications that process CAD files using ODA Drawings SDK before version 2021.11.
💻 Affected Systems
- Open Design Alliance Drawings SDK
- Applications using ODA Drawings SDK
📦 What is this software?
- Comos by Siemens
- Drawings Software Development Kit by Opendesign
- Jt2go by Siemens
⚠️ Risk & Real-World Impact
Worst Case
Complete application crash leading to denial of service, potentially disrupting CAD workflows or automated systems processing CAD files.
Likely Case
Application crash when processing malicious CAD files, causing temporary service disruption.
If Mitigated
No impact if patched version is used or if file processing is restricted to trusted sources.
🎯 Exploit Status
Exploitation requires providing a malformed CAD file to a vulnerable application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021.11 or later
Vendor Advisory: https://www.opendesign.com/security-advisories
Restart Required: Yes
Instructions:
1. Identify applications using ODA Drawings SDK.
2. Update SDK to version 2021.11 or later.
3. Rebuild/redeploy applications with updated SDK.
4. Restart affected services.
🔧 Temporary Workarounds
File type restriction
Block or restrict processing of .DXF and .DWG files from untrusted sources
Input validation
Implement file validation/sanitization before passing to ODA SDK
🧯 If You Can't Patch
- Implement strict file upload controls and validation for CAD files
- Isolate CAD processing systems and monitor for crashes
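Added example (not from the advisory or the ODA project) of the two workarounds above: a pre-SDK gate that checks the DWG/DXF header against the declared extension and a size ceiling, plus running the SDK-based converter in a child process so a crash becomes a logged event instead of a service outage. The header tags are the standard DWG release strings and DXF sentinels; the size limit and the converter commands are constructed stand-ins.

```python
import subprocess
import sys

# DWG files open with an "AC10xx" release tag; binary DXF has a fixed sentinel;
# ASCII DXF starts with group code 0 followed by SECTION. MAX_BYTES is a
# hypothetical upload ceiling, not a value from the advisory.
DWG_TAGS = {b"AC1009", b"AC1012", b"AC1014", b"AC1015", b"AC1018",
            b"AC1021", b"AC1024", b"AC1027", b"AC1032"}
BINARY_DXF_SENTINEL = b"AutoCAD Binary DXF\r\n\x1a\x00"
MAX_BYTES = 64 * 1024 * 1024

def classify_cad_header(data):
    """Return 'dwg', 'dxf' or None from the leading bytes of a file."""
    if data[:6] in DWG_TAGS:
        return "dwg"
    if data.startswith(BINARY_DXF_SENTINEL):
        return "dxf"
    lines = data[:64].splitlines()
    if len(lines) >= 2 and lines[0].strip() == b"0" and lines[1].strip() == b"SECTION":
        return "dxf"
    return None

def admit(data, filename):
    """Gate one upload: extension must agree with the header and size is bounded."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ("dwg", "dxf"):
        return False, "unsupported extension"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    kind = classify_cad_header(data)
    if kind is None:
        return False, "header does not look like DWG or DXF"
    if kind != ext:
        return False, f"extension .{ext} disagrees with header ({kind})"
    return True, kind

def run_isolated(cmd, timeout=60):
    """Run the converter in a child process. Death by signal is the crash
    indicator the detection section lists, and it never takes the caller down."""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:
        return f"crash:signal{-proc.returncode}"
    return "ok" if proc.returncode == 0 else f"error:{proc.returncode}"

# Constructed stand-ins for the real SDK-based converter command line.
OK_CMD = [sys.executable, "-c", "pass"]
CRASH_CMD = [sys.executable, "-c", "import os; os.abort()"]
```

A result other than "ok" from run_isolated should be written to the application log with the file's hash and source, which is what the log indicators below key on.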
🔍 How to Verify
Check if Vulnerable:
Check application documentation or contact vendor to confirm ODA SDK version used. Version < 2021.11 indicates vulnerability.
Check Version:
Application-specific; typically requires checking build configuration or vendor documentation.
Verify Fix Applied:
Confirm ODA SDK version is 2021.11 or later and test with known safe CAD files.
📡 Detection & Monitoring
Log Indicators:
- Application crashes when processing CAD files
- Unexpected termination of CAD-related processes
Network Indicators:
- Multiple CAD file uploads followed by service disruption
SIEM Query:
EventID: Application Crash AND (ProcessName contains 'CAD' OR ProcessName contains 'ODA')
🔗 References
- https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf
- https://www.opendesign.com/security-advisories
- https://www.zerodayinitiative.com/advisories/ZDI-21-218/
- https://www.zerodayinitiative.com/advisories/ZDI-21-223/
- https://www.zerodayinitiative.com/advisories/ZDI-21-224/
- https://www.zerodayinitiative.com/advisories/ZDI-21-244/
- https://www.zerodayinitiative.com/advisories/ZDI-21-245/
- https://www.zerodayinitiative.com/advisories/ZDI-21-246/