Vulnerabilites related to Siemens - JT Open
cve-2024-37997
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2025-01-09 21:34
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: 0 < V11.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:jt_open:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jt_open", vendor: "siemens", versions: [ { lessThan: "V11.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:plm_xml_sdk:v7.1.0.0014:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "plm_xml_sdk", vendor: "siemens", versions: [ { status: "affected", version: "V7.1.0.014", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T13:19:33.793225Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T21:34:46.837Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:24.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { lessThan: "V11.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "PLM XML SDK", vendor: "Siemens", versions: [ { lessThan: "V7.1.0.014", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T08:40:15.076Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-959281.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-37997", datePublished: "2024-07-09T12:05:06.114Z", dateReserved: "2024-06-11T08:32:52.184Z", dateUpdated: "2025-01-09T21:34:46.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30796
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 22:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T22:14:13.209203Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T22:14:44.670Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.4", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:21.061Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-30796", datePublished: "2023-08-08T09:20:21.061Z", dateReserved: "2023-04-18T09:19:57.943Z", dateUpdated: "2024-10-11T22:14:44.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37996
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-10-08 08:40
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: 0 < V11.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37996", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-15T18:31:15.685735Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-15T18:31:24.493Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:24.762Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { lessThan: "V11.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "PLM XML SDK", vendor: "Siemens", versions: [ { lessThan: "V7.1.0.014", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T08:40:13.781Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-959281.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-37996", datePublished: "2024-07-09T12:05:04.781Z", dateReserved: "2024-06-11T08:32:52.184Z", dateUpdated: "2024-10-08T08:40:13.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47977
Vulnerability from cvelistv5
Published
2023-02-14 10:36
Modified
2025-03-20 16:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.2.3.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-47977", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T16:49:04.865039Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T16:49:09.008Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.2.3.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T09:24:57.845Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-47977", datePublished: "2023-02-14T10:36:22.513Z", dateReserved: "2022-12-28T09:38:47.265Z", dateUpdated: "2025-03-20T16:49:09.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29053
Vulnerability from cvelistv5
Published
2023-04-11 09:03
Modified
2025-02-26 21:06
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.3.2.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:00:14.606Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-642810.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-29053", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:06:30.675103Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T21:06:46.463Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.3.2.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:03:07.730Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-642810.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-29053", datePublished: "2023-04-11T09:03:07.730Z", dateReserved: "2023-03-30T12:04:26.538Z", dateUpdated: "2025-02-26T21:06:46.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44014
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { defaultStatus: "unknown", product: "Solid Edge", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2023", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T11:39:18.959Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44014", datePublished: "2021-12-14T12:06:50", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30795
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 22:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30795", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T22:16:06.900938Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T22:16:31.109Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.4", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.4", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.0.253", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.1.243", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.177", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.073", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:19.964Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-30795", datePublished: "2023-08-08T09:20:19.964Z", dateReserved: "2023-04-18T09:19:57.943Z", dateUpdated: "2024-10-11T22:16:31.109Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44002
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { defaultStatus: "unknown", product: "Solid Edge", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2023", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T11:39:17.904Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44002", datePublished: "2021-12-14T12:06:41", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47935
Vulnerability from cvelistv5
Published
2023-01-10 11:39
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { defaultStatus: "unknown", product: "Solid Edge", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2023", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T11:39:47.238Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-47935", datePublished: "2023-01-10T11:39:47.238Z", dateReserved: "2022-12-23T11:05:07.688Z", dateUpdated: "2024-08-03T15:02:36.565Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47936
Vulnerability from cvelistv5
Published
2023-02-14 10:36
Modified
2025-03-20 20:07
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.2.3.0 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-47936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T20:07:21.772715Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T20:07:30.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.2.3.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.3.0", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.0.252", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.1.242", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.170", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.150", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T09:24:56.841Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-47936", datePublished: "2023-02-14T10:36:21.369Z", dateReserved: "2022-12-23T11:29:16.433Z", dateUpdated: "2025-03-20T20:07:30.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }