Vulnerabilites related to Siemens - JT Utilities
cve-2021-44433
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.452Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:55", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44433", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416: Use After Free", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44433", datePublished: "2021-12-14T12:06:55", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.452Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47977
Vulnerability from cvelistv5
Published
2023-02-14 10:36
Modified
2025-03-20 16:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.2.3.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-47977", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T16:49:04.865039Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T16:49:09.008Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.2.3.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T09:24:57.845Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-47977", datePublished: "2023-02-14T10:36:22.513Z", dateReserved: "2022-12-28T09:38:47.265Z", dateUpdated: "2025-03-20T16:49:09.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29053
Vulnerability from cvelistv5
Published
2023-04-11 09:03
Modified
2025-02-26 21:06
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.3.2.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:00:14.606Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-642810.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-29053", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:06:30.675103Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T21:06:46.463Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.3.2.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:03:07.730Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-642810.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-29053", datePublished: "2023-04-11T09:03:07.730Z", dateReserved: "2023-03-30T12:04:26.538Z", dateUpdated: "2025-02-26T21:06:46.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44444
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-31T18:06:21", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44444", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, { name: "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167317/Microsoft-Office-MSDT-Follina-Proof-Of-Concept.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44444", datePublished: "2021-12-14T12:07:04", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44443
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.953Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:03", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44443", datePublished: "2021-12-14T12:07:03", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47936
Vulnerability from cvelistv5
Published
2023-02-14 10:36
Modified
2025-03-20 20:07
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.2.3.0 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.549Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-47936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T20:07:21.772715Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T20:07:30.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.2.3.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.3.0", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.0.252", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.1.242", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.170", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.150", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T09:24:56.841Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-47936", datePublished: "2023-02-14T10:36:21.369Z", dateReserved: "2022-12-23T11:29:16.433Z", dateUpdated: "2025-03-20T20:07:30.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33713
Vulnerability from cvelistv5
Published
2021-07-13 11:03
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | JT Utilities |
Version: All versions < V13.0.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:22.818Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.0.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-688", description: "CWE-688: Function Call With Incorrect Variable or Reference as Argument", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-13T11:03:03", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-33713", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.0.2.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-688: Function Call With Incorrect Variable or Reference as Argument", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-33713", datePublished: "2021-07-13T11:03:03", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:22.818Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44439
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.782Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:59", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44439", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44439", datePublished: "2021-12-14T12:06:59", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44445
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.917Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:05", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44445", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44445", datePublished: "2021-12-14T12:07:05", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30795
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 22:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30795", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T22:16:06.900938Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T22:16:31.109Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.4", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.4", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.0.253", }, ], }, { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V34.1.243", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.0.177", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V35.1.073", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:19.964Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-30795", datePublished: "2023-08-08T09:20:19.964Z", dateReserved: "2023-04-18T09:19:57.943Z", dateUpdated: "2024-10-11T22:16:31.109Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33715
Vulnerability from cvelistv5
Published
2021-07-13 11:03
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | JT Utilities |
Version: All versions < V13.0.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:22.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.0.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-13T11:03:05", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-33715", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.0.2.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-33715", datePublished: "2021-07-13T11:03:05", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:22.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44441
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.418Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:01", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44441", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44441", datePublished: "2021-12-14T12:07:01", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44447
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.0.3.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.806Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.0.3.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:06", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44447", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.0.3.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.0.3.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416: Use After Free", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44447", datePublished: "2021-12-14T12:07:06", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.806Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44448
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.0.3.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.0.3.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:07", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44448", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.0.3.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.0.3.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44448", datePublished: "2021-12-14T12:07:07", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44449
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V12.8.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.834Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V12.8.1.1", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V10.8.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:08", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V12.8.1.1", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V10.8.1.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44449", datePublished: "2021-12-14T12:07:08", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.834Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30796
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 22:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T22:14:13.209203Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T22:14:44.670Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.4", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:21.061Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-001569.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-30796", datePublished: "2023-08-08T09:20:21.061Z", dateReserved: "2023-04-18T09:19:57.943Z", dateUpdated: "2024-10-11T22:14:44.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44434
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.505Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:56", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44434", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44434", datePublished: "2021-12-14T12:06:56", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44435
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.488Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:56", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44435", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121: Stack-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44435", datePublished: "2021-12-14T12:06:56", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44014
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { defaultStatus: "unknown", product: "Solid Edge", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2023", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T11:39:18.959Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44014", datePublished: "2021-12-14T12:06:50", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44432
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:15.103Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:54", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44432", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121: Stack-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44432", datePublished: "2021-12-14T12:06:54", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:15.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44440
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:00", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44440", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44440", datePublished: "2021-12-14T12:07:00", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44446
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.0.3.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.0.3.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.0.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:05", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44446", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.0.3.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.0.3.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44446", datePublished: "2021-12-14T12:07:05", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44002
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { defaultStatus: "unknown", product: "Solid Edge", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2023", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T11:39:17.904Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44002", datePublished: "2021-12-14T12:06:41", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44436
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.497Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:57", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44436", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44436", datePublished: "2021-12-14T12:06:57", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44450
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V12.8.1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V12.8.1.1", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V10.8.1.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:08", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44450", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V12.8.1.1", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V10.8.1.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44450", datePublished: "2021-12-14T12:07:08", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44438
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:59", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44438", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44438", datePublished: "2021-12-14T12:06:59", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44437
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:58", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44437", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44437", datePublished: "2021-12-14T12:06:58", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.594Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44430
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:53", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44430", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44430", datePublished: "2021-12-14T12:06:53", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44442
Vulnerability from cvelistv5
Published
2021-12-14 12:07
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:07:02", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44442", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44442", datePublished: "2021-12-14T12:07:02", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33714
Vulnerability from cvelistv5
Published
2021-07-13 11:03
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | JT Utilities |
Version: All versions < V13.0.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:22.579Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.0.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-13T11:03:04", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-33714", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.0.2.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-33714", datePublished: "2021-07-13T11:03:04", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:22.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44431
Vulnerability from cvelistv5
Published
2021-12-14 12:06
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Utilities |
Version: All versions < V13.1.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { product: "JTTK", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-14T12:06:53", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44431", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT Utilities", version: { version_data: [ { version_value: "All versions < V13.1.1.0", }, ], }, }, { product_name: "JTTK", version: { version_data: [ { version_value: "All versions < V11.1.1.0", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44431", datePublished: "2021-12-14T12:06:53", dateReserved: "2021-11-30T00:00:00", dateUpdated: "2024-08-04T04:25:16.853Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47935
Vulnerability from cvelistv5
Published
2023-01-10 11:39
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: All versions < V11.1.1.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V11.1.1.0", }, ], }, { defaultStatus: "unknown", product: "JT Utilities", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.1.0", }, ], }, { defaultStatus: "unknown", product: "Solid Edge", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2023", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T11:39:47.238Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-47935", datePublished: "2023-01-10T11:39:47.238Z", dateReserved: "2022-12-23T11:05:07.688Z", dateUpdated: "2024-08-03T15:02:36.565Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202112-0807
Vulnerability from variot
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077). JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-15058 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0807", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "solid edge viewer", scope: null, trust: 1.4, vendor: "siemens", version: null, }, { model: "jt utilities", scope: "lt", trust: 1, vendor: "siemens", version: "13.1.1.0", }, { model: "jt open toolkit", scope: "lt", trust: 1, vendor: "siemens", version: "11.1.1.0", }, { model: "jt2go", scope: "lt", trust: 1, vendor: "siemens", version: "13.2.0.5", }, { model: "teamcenter visualization", scope: "lt", trust: 1, vendor: "siemens", version: "13.2.0.5", }, { model: "solid edge", scope: "lt", trust: 1, vendor: "siemens", version: "se2023", }, { model: "jt2go", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "teamcenter visualization", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "13.2.0.5", }, { model: "jt2go", scope: null, trust: 0.7, vendor: "siemens", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "NVD", id: "CVE-2021-44002", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:jt_open_toolkit:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.1.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.1.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.2.0.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.2.0.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "se2023", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-44002", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mat Powell of Trend Micro Zero Day Initiative", sources: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "CNNVD", id: "CNNVD-202112-1193", }, ], trust: 2.7, }, cve: "CVE-2021-44002", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-44002", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2021-44002", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2.1, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-44002", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "ZDI", id: "CVE-2021-44002", trust: 2.1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-44002", trust: 1.8, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2021-44002", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-1193", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-44002", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "VULMON", id: "CVE-2021-44002", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "NVD", id: "CVE-2021-44002", }, { db: "NVD", id: "CVE-2021-44002", }, { db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077). JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-15058 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files", sources: [ { db: "NVD", id: "CVE-2021-44002", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "VULMON", id: "CVE-2021-44002", }, ], trust: 3.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-44002", trust: 5.4, }, { db: "SIEMENS", id: "SSA-936212", trust: 1.7, }, { db: "SIEMENS", id: "SSA-595101", trust: 1.7, }, { db: "ZDI", id: "ZDI-22-006", trust: 1.4, }, { db: "JVN", id: "JVNVU96592426", trust: 0.8, }, { db: "JVN", id: "JVNVU90782730", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-005666", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15058", trust: 0.7, }, { db: "ZDI_CAN", id: "ZDI-CAN-19077", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-088", trust: 0.7, }, { db: "ZDI_CAN", id: "ZDI-CAN-19076", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-087", trust: 0.7, }, { db: "ICS CERT", id: "ICSA-21-350-10", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2021.4300", trust: 0.6, }, { db: "CS-HELP", id: "SB2022010614", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-1193", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-44002", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "VULMON", id: "CVE-2021-44002", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "NVD", id: "CVE-2021-44002", }, { db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, id: "VAR-202112-0807", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15799868, }, last_update_date: "2023-12-18T10:56:33.053000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Siemens has issued an update to correct this vulnerability.", trust: 1.4, url: "https://cert-portal.siemens.com/productcert/html/ssa-936212.html", }, { title: "SSA-595101", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { title: "", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10", }, { title: "Siemens Jt2go and Siemens Teamcenter Visualization Buffer error vulnerability fix", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=175052", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=39139dcd04f2a523ea449623583b65af", }, ], sources: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "VULMON", id: "CVE-2021-44002", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "NVD", id: "CVE-2021-44002", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, { trust: 1.4, url: "https://cert-portal.siemens.com/productcert/html/ssa-936212.html", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-44002", }, { trust: 1.3, url: "https://www.zerodayinitiative.com/advisories/zdi-22-006/", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu96592426/", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu90782730/", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.4300", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022010614", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10", }, ], sources: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "VULMON", id: "CVE-2021-44002", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "NVD", id: "CVE-2021-44002", }, { db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-006", }, { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, { db: "VULMON", id: "CVE-2021-44002", }, { db: "JVNDB", id: "JVNDB-2021-005666", }, { db: "NVD", id: "CVE-2021-44002", }, { db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-06T00:00:00", db: "ZDI", id: "ZDI-22-006", }, { date: "2023-01-18T00:00:00", db: "ZDI", id: "ZDI-23-088", }, { date: "2023-01-18T00:00:00", db: "ZDI", id: "ZDI-23-087", }, { date: "2021-12-14T00:00:00", db: "VULMON", id: "CVE-2021-44002", }, { date: "2021-12-16T00:00:00", db: "JVNDB", id: "JVNDB-2021-005666", }, { date: "2021-12-14T12:15:10.143000", db: "NVD", id: "CVE-2021-44002", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-09T00:00:00", db: "ZDI", id: "ZDI-22-006", }, { date: "2023-01-18T00:00:00", db: "ZDI", id: "ZDI-23-088", }, { date: "2023-01-18T00:00:00", db: "ZDI", id: "ZDI-23-087", }, { date: "2023-02-21T00:00:00", db: "VULMON", id: "CVE-2021-44002", }, { date: "2023-01-16T07:40:00", db: "JVNDB", id: "JVNDB-2021-005666", }, { date: "2023-02-21T18:34:56.270000", db: "NVD", id: "CVE-2021-44002", }, { date: "2023-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202112-1193", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-1193", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", sources: [ { db: "ZDI", id: "ZDI-23-088", }, { db: "ZDI", id: "ZDI-23-087", }, ], trust: 1.4, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202112-1193", }, ], trust: 0.6, }, }
var-202112-0795
Vulnerability from variot
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081). JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-15107 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0795", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "jt utilities", scope: "lt", trust: 1, vendor: "siemens", version: "13.1.1.0", }, { model: "jt open toolkit", scope: "lt", trust: 1, vendor: "siemens", version: "11.1.1.0", }, { model: "jt2go", scope: "lt", trust: 1, vendor: "siemens", version: "13.2.0.5", }, { model: "teamcenter visualization", scope: "lt", trust: 1, vendor: "siemens", version: "13.2.0.5", }, { model: "solid edge", scope: "lt", trust: 1, vendor: "siemens", version: "se2023", }, { model: "jt2go", scope: null, trust: 0.8, vendor: "シーメンス", version: null, }, { model: "teamcenter visualization", scope: "eq", trust: 0.8, vendor: "シーメンス", version: "13.2.0.5", }, { model: "jt2go", scope: null, trust: 0.7, vendor: "siemens", version: null, }, { model: "solid edge viewer", scope: null, trust: 0.7, vendor: "siemens", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "NVD", id: "CVE-2021-44014", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:jt_open_toolkit:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.1.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:jt_utilities:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.1.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.2.0.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "13.2.0.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:solid_edge:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "se2023", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-44014", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mat Powell of Trend Micro Zero Day Initiative", sources: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "CNNVD", id: "CNNVD-202112-1205", }, ], trust: 2, }, cve: "CVE-2021-44014", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-44014", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "ZDI", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2021-44014", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.4, userInteraction: "REQUIRED", vectorString: "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-44014", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-44014", trust: 1.8, value: "HIGH", }, { author: "ZDI", id: "CVE-2021-44014", trust: 1.4, value: "HIGH", }, { author: "productcert@siemens.com", id: "CVE-2021-44014", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202112-1205", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-44014", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "VULMON", id: "CVE-2021-44014", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "NVD", id: "CVE-2021-44014", }, { db: "NVD", id: "CVE-2021-44014", }, { db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081). JT2Go and Teamcenter Visualization Exists in a vulnerability related to the use of freed memory. Zero Day Initiative To this vulnerability ZDI-CAN-15107 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object", sources: [ { db: "NVD", id: "CVE-2021-44014", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "VULMON", id: "CVE-2021-44014", }, ], trust: 2.97, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-44014", trust: 4.7, }, { db: "SIEMENS", id: "SSA-936212", trust: 1.7, }, { db: "SIEMENS", id: "SSA-595101", trust: 1.7, }, { db: "ZDI", id: "ZDI-22-005", trust: 1.4, }, { db: "JVN", id: "JVNVU96592426", trust: 0.8, }, { db: "JVN", id: "JVNVU90782730", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2021-005656", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15057", trust: 0.7, }, { db: "ZDI_CAN", id: "ZDI-CAN-19081", trust: 0.7, }, { db: "ZDI", id: "ZDI-23-090", trust: 0.7, }, { db: "ICS CERT", id: "ICSA-21-350-10", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2021.4300", trust: 0.6, }, { db: "CS-HELP", id: "SB2022010614", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-1205", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-44014", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "VULMON", id: "CVE-2021-44014", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "NVD", id: "CVE-2021-44014", }, { db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, id: "VAR-202112-0795", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.15799868, }, last_update_date: "2023-12-18T10:58:01.037000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SSA-595101", trust: 0.8, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { title: "", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10", }, { title: "Siemens has issued an update to correct this vulnerability.", trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-936212.html", }, { title: "Siemens Jt2go Remediation of resource management error vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=174920", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=39139dcd04f2a523ea449623583b65af", }, ], sources: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "VULMON", id: "CVE-2021-44014", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-416", trust: 1, }, { problemtype: "Use of freed memory (CWE-416) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "NVD", id: "CVE-2021-44014", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf", }, { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf", }, { trust: 1.3, url: "https://www.zerodayinitiative.com/advisories/zdi-22-005/", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu96592426/", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu90782730/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2021-44014", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10", }, { trust: 0.7, url: "https://cert-portal.siemens.com/productcert/html/ssa-936212.html", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-10", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.4300", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022010614", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/416.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-10", }, ], sources: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "VULMON", id: "CVE-2021-44014", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "NVD", id: "CVE-2021-44014", }, { db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-005", }, { db: "ZDI", id: "ZDI-23-090", }, { db: "VULMON", id: "CVE-2021-44014", }, { db: "JVNDB", id: "JVNDB-2021-005656", }, { db: "NVD", id: "CVE-2021-44014", }, { db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-06T00:00:00", db: "ZDI", id: "ZDI-22-005", }, { date: "2023-01-18T00:00:00", db: "ZDI", id: "ZDI-23-090", }, { date: "2021-12-14T00:00:00", db: "VULMON", id: "CVE-2021-44014", }, { date: "2021-12-16T00:00:00", db: "JVNDB", id: "JVNDB-2021-005656", }, { date: "2021-12-14T12:15:10.770000", db: "NVD", id: "CVE-2021-44014", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-09T00:00:00", db: "ZDI", id: "ZDI-22-005", }, { date: "2023-01-18T00:00:00", db: "ZDI", id: "ZDI-23-090", }, { date: "2023-02-21T00:00:00", db: "VULMON", id: "CVE-2021-44014", }, { date: "2023-01-16T07:40:00", db: "JVNDB", id: "JVNDB-2021-005656", }, { date: "2023-02-21T18:35:00.857000", db: "NVD", id: "CVE-2021-44014", }, { date: "2023-01-11T00:00:00", db: "CNNVD", id: "CNNVD-202112-1205", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-1205", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "JT2Go and Teamcenter Visualization Vulnerability in using free memory in", sources: [ { db: "JVNDB", id: "JVNDB-2021-005656", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "resource management error", sources: [ { db: "CNNVD", id: "CNNVD-202112-1205", }, ], trust: 0.6, }, }