Vulnerabilites related to Siemens - Parasolid V36.1
cve-2024-32637
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ps_iges_parasolid_translator_component", vendor: "siemens", versions: [ { lessThan: "v27.1.215 ", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32637", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:37:33.414539Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T18:07:35.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:07.678Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32637", datePublished: "2024-05-14T10:02:44.682Z", dateReserved: "2024-04-16T10:52:15.707Z", dateUpdated: "2024-08-13T07:54:07.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26277
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T19:51:56.120704Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:49:18.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:18.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.207", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:03.735Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-26277", datePublished: "2024-04-09T08:34:38.896Z", dateReserved: "2024-02-15T10:54:03.168Z", dateUpdated: "2024-08-13T07:54:03.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31980
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V35.1 |
Version: 0 < V35.1.256 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.256", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.210", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.185", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-31980", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:39:14.173926Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T17:09:32.754Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:59:50.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-489698.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.256", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.210", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.185", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T07:24:15.740Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-489698.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-31980", datePublished: "2024-05-14T10:02:27.405Z", dateReserved: "2024-04-08T12:20:23.712Z", dateUpdated: "2024-08-02T01:59:50.660Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32636
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.256", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.208", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.173", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32636", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:37:41.622204Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T17:29:19.950Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:06.352Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32636", datePublished: "2024-05-14T10:02:43.480Z", dateReserved: "2024-04-16T10:52:15.707Z", dateUpdated: "2024-08-13T07:54:06.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26275
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jt2go", vendor: "siemens", versions: [ { lessThan: "2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.254", status: "affected", version: "0", versionType: "custom", }, { lessThan: "36.0.207", status: "affected", version: "0", versionType: "custom", }, { lessThan: "36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "14.2", versionType: "custom", }, { lessThan: "14.3.0.9", status: "affected", version: "14.3", versionType: "custom", }, { lessThan: "2312.0004", status: "affected", version: "2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26275", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T15:24:40.222186Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-31T18:33:02.344Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:19.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.207", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:00.911Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-26275", datePublished: "2024-04-09T08:34:36.604Z", dateReserved: "2024-02-15T10:54:03.168Z", dateUpdated: "2024-08-13T07:54:00.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32635
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.256", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.208", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.173", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32635", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:37:49.970409Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T17:27:51.096Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:05.071Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32635", datePublished: "2024-05-14T10:02:42.291Z", dateReserved: "2024-04-16T10:52:15.707Z", dateUpdated: "2024-08-13T07:54:05.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54091
Vulnerability from cvelistv5
Published
2024-12-10 13:54
Modified
2024-12-12 14:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V36.1 |
Version: 0 < V36.1.225 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54091", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T15:15:24.096235Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:17:59.464Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.225", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V37.0", vendor: "Siemens", versions: [ { lessThan: "V37.0.173", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-12T14:07:55.222Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-979056.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-54091", datePublished: "2024-12-10T13:54:17.315Z", dateReserved: "2024-11-28T12:05:26.694Z", dateUpdated: "2024-12-12T14:07:55.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26276
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.254", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.207", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.147", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26276", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:40:25.505191Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T14:53:58.636Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:18.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.207", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:02.376Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-26276", datePublished: "2024-04-09T08:34:37.744Z", dateReserved: "2024-02-15T10:54:03.168Z", dateUpdated: "2024-08-13T07:54:02.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }