All the vulnerabilites related to Siemens - Teamcenter Visualization V13.1
cve-2021-44000
Vulnerability from cvelistv5
Published
2022-02-09 15:17
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-335/ | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2.0.7"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP9"
}
]
},
{
"product": "Solid Edge SE2022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2022MP1"
}
]
},
{
"product": "Teamcenter Visualization V13.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.9"
}
]
},
{
"product": "Teamcenter Visualization V13.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2.0.7"
}
]
},
{
"product": "Teamcenter Visualization V13.3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:26",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-44000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2.0.7"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP9"
}
]
}
},
{
"product_name": "Solid Edge SE2022",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2022MP1"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.9"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2.0.7"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.3.0.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-44000",
"datePublished": "2022-02-09T15:17:07",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44016
Vulnerability from cvelistv5
Published
2022-02-09 15:17
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-338/ | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2.0.7"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP9"
}
]
},
{
"product": "Solid Edge SE2022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2022MP1"
}
]
},
{
"product": "Teamcenter Visualization V13.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.9"
}
]
},
{
"product": "Teamcenter Visualization V13.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2.0.7"
}
]
},
{
"product": "Teamcenter Visualization V13.3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:27",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-44016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2.0.7"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP9"
}
]
}
},
{
"product_name": "Solid Edge SE2022",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2022MP1"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.9"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2.0.7"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.3.0.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-338/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-44016",
"datePublished": "2022-02-09T15:17:09",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44018
Vulnerability from cvelistv5
Published
2022-02-09 15:17
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-340/ | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2.0.7"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2021MP9"
}
]
},
{
"product": "Solid Edge SE2022",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2022MP1"
}
]
},
{
"product": "Teamcenter Visualization V13.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.9"
}
]
},
{
"product": "Teamcenter Visualization V13.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2.0.7"
}
]
},
{
"product": "Teamcenter Visualization V13.3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:28",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-44018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2.0.7"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2021MP9"
}
]
}
},
{
"product_name": "Solid Edge SE2022",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2022MP1"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.9"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2.0.7"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.3.0.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.7), Solid Edge SE2021 (All versions \u003c SE2021MP9), Solid Edge SE2022 (All versions \u003c SE2022MP1), Teamcenter Visualization V13.1 (All versions \u003c V13.1.0.9), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.7), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-340/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-44018",
"datePublished": "2022-02-09T15:17:10",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}