CVE-2021-41535

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Siemens NX and Solid Edge software when parsing OBJ files. An attacker could exploit this to execute arbitrary code with the privileges of the current user. Affected users include those running vulnerable versions of Siemens NX 1953 Series, NX 1980 Series, or Solid Edge SE2021.

💻 Affected Systems

Products:
  • Siemens NX 1953 Series
  • Siemens NX 1980 Series
  • Solid Edge SE2021
Versions: NX 1953 Series: All versions < V1973.3700; NX 1980 Series: All versions < V1988; Solid Edge SE2021: All versions < SE2021MP8
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the OBJ file parser component of these CAD applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or arbitrary code execution when a user opens a malicious OBJ file.

🟢 If Mitigated

Limited impact if software runs with minimal privileges and network access is restricted.

🌐 Internet-Facing: LOW - Exploitation typically requires user interaction to open a malicious file.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious OBJ file. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NX 1953 Series: V1973.3700 or later; NX 1980 Series: V1988 or later; Solid Edge SE2021: SE2021MP8 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf

Restart Required: Yes

Instructions:

1. Download the latest patch from Siemens support portal.
2. Install the update following vendor instructions.
3. Restart the application and system as required.

🔧 Temporary Workarounds

Restrict OBJ file handling (platform: all)

Block or restrict opening of OBJ files from untrusted sources.

Run with reduced privileges (platform: windows)

Configure applications to run with minimal user privileges.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code.
  • Use network segmentation to isolate affected systems from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check the software version in Help > About or via command line: nx --version or sedge --version

Check Version:

On Windows: Open application and check Help > About. On Linux: Use 'nx --version' or 'sedge --version'

Verify Fix Applied:

Verify installed version matches or exceeds patched versions listed in vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening OBJ files
  • Unusual process creation from CAD applications

Network Indicators:

  • Unexpected outbound connections from CAD software

SIEM Query:

Process creation where parent process contains 'nx.exe' or 'sedge.exe' and command line contains '.obj'
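The SIEM query above, written out as detection logic over process-creation events. This is an added example, not vendor or SIEM-product code. It assumes Sysmon-style field names (ParentImage, ParentCommandLine, Image, CommandLine), checks both command lines because the query does not say which one is meant, and runs against constructed sample events.

```python
import re
from ntpath import basename  # parse Windows paths on any host OS

# Parent process names taken from the SIEM query above.
CAD_PARENTS = {"nx.exe", "sedge.exe"}
# ".obj" as a file extension only (assumption: ".objects" etc. should not match).
OBJ_REF = re.compile(r"\.obj(?=[\"'\s]|$)", re.IGNORECASE)


def is_suspicious(event):
    """True when a CAD parent spawns a process and an OBJ file is referenced."""
    # Exact basename match is stricter than the query's "contains".
    parent = basename(event.get("ParentImage", "")).lower()
    if parent not in CAD_PARENTS:
        return False
    # Assumption: inspect the child's and the parent's command line.
    lines = (event.get("CommandLine", ""), event.get("ParentCommandLine", ""))
    return any(OBJ_REF.search(line) for line in lines)


def find_hits(events):
    """Return the ids of events that match the rule."""
    return [e["id"] for e in events if is_suspicious(e)]


# Constructed sample events (not real telemetry); all paths are placeholders.
SAMPLE_EVENTS = [
    {"id": 1, "ParentImage": r"C:\CAD\nx.exe",
     "ParentCommandLine": r'nx.exe "C:\Users\a\Downloads\bracket.obj"',
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"id": 2, "ParentImage": r"C:\CAD\sedge.exe",
     "ParentCommandLine": r'sedge.exe "C:\work\housing.par"',
     "Image": r"C:\CAD\helper.exe", "CommandLine": "helper.exe --render"},
    {"id": 3, "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "Image": r"C:\CAD\nx.exe", "CommandLine": r'nx.exe "C:\work\model.obj"'},
    {"id": 4, "ParentImage": r"C:\CAD\NX.EXE", "ParentCommandLine": "NX.EXE",
     "Image": r"C:\CAD\convert.exe",
     "CommandLine": r"convert.exe C:\temp\mesh.OBJ"},
    {"id": 5, "ParentImage": r"C:\CAD\nx.exe",
     "ParentCommandLine": r"nx.exe C:\work\scene.objects",
     "Image": r"C:\CAD\helper.exe", "CommandLine": "helper.exe"},
]

if __name__ == "__main__":
    print(find_hits(SAMPLE_EVENTS))
```

Event 3 does not match because the CAD application is the child, not the parent; a user opening an OBJ file from the desktop shell is normal activity under this rule.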
