CVE-2021-32938

7.1 HIGH

📋 TL;DR

This vulnerability in Drawings SDK allows attackers to read sensitive information from memory or cause denial-of-service by exploiting improper validation of DWG file data. All versions prior to 2022.4 are affected, impacting systems that process DWG files using Siemens software components. Attackers can trigger this by providing specially crafted DWG files.

💻 Affected Systems

Products:
  • Siemens Drawings SDK
  • Siemens products using Drawings SDK for DWG file processing
Versions: All versions prior to 2022.4
Operating Systems: Windows, Linux, Other platforms using affected SDK
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any application using vulnerable Drawings SDK versions to parse DWG files. Siemens products like JT2Go, Teamcenter Visualization, and others may be impacted.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure of sensitive memory contents including credentials, keys, or other application data, potentially leading to further system compromise.

🟠 Likely Case: Denial-of-service causing application crashes when processing malicious DWG files, disrupting CAD workflows.

🟢 If Mitigated: Limited impact with proper file validation and network segmentation preventing malicious file uploads.

🌐 Internet-Facing: MEDIUM - Requires file upload capability to internet-facing systems processing DWG files.
🏢 Internal Only: MEDIUM - Internal users could exploit via file sharing or email attachments if they can submit DWG files to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the ability to submit DWG files to vulnerable systems. No public exploit code was identified in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2022.4 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

Restart Required: Yes

Instructions:

1. Identify affected Siemens products using Drawings SDK.
2. Update to version 2022.4 or later.
3. Restart affected applications/services.
4. Verify the update via a version check.

🔧 Temporary Workarounds

  • Restrict DWG file processing (applies to: all versions): Limit DWG file processing to trusted sources and implement file validation.
  • Network segmentation (applies to: all versions): Isolate systems processing DWG files from untrusted networks.

🧯 If You Can't Patch

  • Implement strict file upload validation and scanning for DWG files
  • Restrict access to DWG processing functionality to authorized users only

🔍 How to Verify

Check if Vulnerable:

Check Drawings SDK version in affected Siemens products. Versions below 2022.4 are vulnerable.

Check Version:

Check application documentation for version information or use Siemens product-specific version commands.

Verify Fix Applied:

Confirm Drawings SDK version is 2022.4 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing DWG files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Unexpected DWG file uploads to vulnerable endpoints

SIEM Query:

source="application_logs" AND (event="crash" OR event="exception") AND file_type="DWG"

🔗 References
