File Parsing Vulnerabilities in OBJ Translator in NX

Plan Patch7.8SSA-328042Nov 9, 2021

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

NX contains two vulnerabilities (use-after-free and out-of-bounds read/write, CWE-416, CWE-824) in the OBJ file parser. When parsing a malicious OBJ 3D model file, these flaws could cause an access violation or lead to arbitrary code execution on the target system. The vulnerability requires a user to open a crafted file; it cannot be triggered remotely. Siemens has released patches for both affected series.

What this means

What could happen

An attacker could trick an engineer into opening a malicious OBJ file, causing NX to crash or potentially execute arbitrary code on the engineering workstation with the user's privileges.

Who's at risk

NX is used by design engineers and CAD operators to create 3D models and designs. This vulnerability affects anyone running NX 1953 or 1980 series versions below the patched releases. Organizations that rely on NX for product design, manufacturing planning, or model collaboration should ensure engineers and CAD technicians are using patched versions.

How it could be exploited

An attacker crafts a malicious OBJ 3D model file with specially formatted content that exploits a use-after-free or out-of-bounds memory flaw in NX's file parser. The attacker sends this file to an engineer via email or file sharing and tricks them into opening it. When NX parses the file, the vulnerability triggers and could crash the application or execute code.

Prerequisites

User must open the malicious OBJ file in an affected NX version
The user must have sufficient privileges on the workstation (typically the case since NX runs as the logged-in user)

User interaction required (file must be opened)local attack only (attacker needs to deliver file to user)no authentication requiredhigh impact if exploited (code execution possible)affects engineering workstations with design authority

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

NX 1953 Series< V1973.37001973.3700

NX 1980 Series< V19881988

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDTrain users to avoid opening OBJ files from untrusted or unknown sources, and verify file origin before opening in NX

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

NX 1953 Series

HOTFIXUpdate NX 1953 Series to version 1973.3700 or later

NX 1980 Series

HOTFIXUpdate NX 1980 Series to version 1988 or later

Long-term hardening

0/1

HARDENINGImplement email controls to block or quarantine suspicious OBJ files and alert users about attachment risks

CVEs (2)

CVE-2021-41535 CVE-2021-41538

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a7f43005-0bc7-4b1f-b4f3-94a748e6245c