Vulnerabilities related to Siemens - Teamcenter Visualization V13.3
cve-2021-44016
Vulnerability from cvelistv5
Published
2022-02-09 15:17
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)
References
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-22-338/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Siemens | JT2Go | All versions < V13.2.0.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.7", }, ], }, { product: "Solid Edge SE2021", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < SE2021MP9", }, ], }, { product: "Solid Edge SE2022", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < SE2022MP1", }, ], }, { product: "Teamcenter Visualization V13.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.0.9", }, ], }, { product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.7", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 
(ZDI-CAN-15110)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-14T09:21:27", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44016", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.2.0.7", }, ], }, }, { product_name: "Solid Edge SE2021", version: { version_data: [ { version_value: "All versions < SE2021MP9", }, ], }, }, { product_name: "Solid Edge SE2022", version: { version_data: [ { version_value: "All versions < SE2022MP1", }, ], }, }, { product_name: "Teamcenter Visualization V13.1", version: { version_data: [ { version_value: "All versions < V13.1.0.9", }, ], }, }, { product_name: "Teamcenter Visualization V13.2", version: { version_data: [ { version_value: "All versions < V13.2.0.7", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < 
V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-338/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44016", datePublished: "2022-02-09T15:17:09", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29028
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Siemens | JT2Go | All versions < V13.3.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-835", description: "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T09:47:05", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29028", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V14.0", version: { version_data: [ { version_value: "All versions < V14.0.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29028", datePublished: "2022-05-10T09:47:05", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.706Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29031
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Siemens | JT2Go | All versions < V13.3.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T09:47:09", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29031", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V14.0", version: { version_data: [ { version_value: "All versions < V14.0.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29031", datePublished: "2022-05-10T09:47:09", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3160
Vulnerability from cvelistv5
Published
2023-01-13 00:16
Modified
2025-01-16 22:01
Severity: 7.8 (HIGH), CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (from the CNA metrics in the record below)
EPSS score ?
Summary
The APDFL.dll contains an out-of-bounds write past the fixed-length
heap-based buffer while parsing specially crafted PDF files. This could
allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Siemens | JT2Go | 0 < 14.1.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:00:10.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3160", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T20:32:32.555490Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-16T22:01:46.182Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "JT2Go", vendor: "Siemens ", versions: [ { lessThan: "14.1.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V13.3", vendor: "Siemens ", versions: [ { lessThan: "13.3.0.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V14.0", vendor: "Siemens ", versions: [ { lessThan: "14.0.0.4", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V14.1", vendor: "Siemens ", versions: [ { lessThan: "14.1.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Michael Heinz and Nafiez reported these vulnerabilities to Siemens. 
", }, ], datePublic: "2022-12-16T00:15:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\nThe APDFL.dll contains an out-of-bounds write past the fixed-length \nheap-based buffer while parsing specially crafted PDF files. This could \nallow an attacker to execute code in the context of the current process.\n\n\n\n", }, ], value: "\nThe APDFL.dll contains an out-of-bounds write past the fixed-length \nheap-based buffer while parsing specially crafted PDF files. This could \nallow an attacker to execute code in the context of the current process.\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-13T00:16:30.069Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", }, { url: "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nSiemens released updates for the affected products and recommends updating to the latest versions:<br><ul><li><span style=\"background-color: var(--wht);\">JT2Go: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\">Update to V14.1.0.5 or later version</a><span 
style=\"background-color: var(--wht);\">. <br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V13.3: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V13.3.0.8 or later version</a><span style=\"background-color: var(--wht);\">.<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V14.0: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V14.0.0.4 or later version</a><span style=\"background-color: var(--wht);\">.<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V14.1: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V14.1.0.5 or later version</a><span style=\"background-color: var(--wht);\">.</span></li></ul>", }, ], value: "Siemens released updates for the affected products and recommends updating to the latest versions:\n * JT2Go: Update to V14.1.0.5 or later version https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html . \n\n * Teamcenter Visualization V13.3: Update to V13.3.0.8 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.0: Update to V14.0.0.4 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.5 or later version https://support.sw.siemens.com/ .\n\n\n", }, ], source: { discovery: "EXTERNAL", }, workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n<p>Siemens identified the following specific workaround and mitigation user can apply to reduce risk: </p>\n\n<ul><li>Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.</li>\n</ul><p>As a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. 
To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\">operational guidelines for industrial security</a></p> and following the recommendations in the product manuals. Siemens also provides <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\">additional information on industrial security</a>.<br>\nFor further inquiries on security vulnerabilities in Siemens products, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\">Siemens</a>. <br>\nFor more information, see the associated Siemens security advisory SSA-360681 in <a target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/html/ssa-360681.html\">HTML </a>and <a target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json\">CSAF</a>.\n\n<br>", }, ], value: "Siemens identified the following specific workaround and mitigation user can apply to reduce risk: \n\n\n\n * Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.\n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security \n\n and following the recommendations in the product manuals. Siemens also provides additional information on industrial security https://www.siemens.com/industrialsecurity .\n\nFor further inquiries on security vulnerabilities in Siemens products, users should contact Siemens https://www.siemens.com/cert/advisories . 
\n\nFor more information, see the associated Siemens security advisory SSA-360681 in HTML https://cert-portal.siemens.com/productcert/html/ssa-360681.html and CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json .\n\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-3160", datePublished: "2023-01-13T00:16:30.069Z", dateReserved: "2022-09-07T23:37:57.515Z", dateUpdated: "2025-01-16T22:01:46.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33122
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:40
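Severity: 3.3 (LOW), CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C (from the CNA metrics in the record below)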
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Siemens | JT2Go | All versions < V14.2.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:34.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33122", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:40:14.247239Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:40:43.732Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < 
V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:15.483Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33122", datePublished: "2023-06-13T08:17:15.483Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:40:43.732Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44000
Vulnerability from cvelistv5
Published
2022-02-09 15:17
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)
References
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-22-335/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Siemens | JT2Go | All versions < V13.2.0.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.7", }, ], }, { product: "Solid Edge SE2021", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < SE2021MP9", }, ], }, { product: "Solid Edge SE2022", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < SE2022MP1", }, ], }, { product: "Teamcenter Visualization V13.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.0.9", }, ], }, { product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.7", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 
(ZDI-CAN-15053)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-14T09:21:26", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44000", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.2.0.7", }, ], }, }, { product_name: "Solid Edge SE2021", version: { version_data: [ { version_value: "All versions < SE2021MP9", }, ], }, }, { product_name: "Solid Edge SE2022", version: { version_data: [ { version_value: "All versions < SE2022MP1", }, ], }, }, { product_name: "Teamcenter Visualization V13.1", version: { version_data: [ { version_value: "All versions < V13.1.0.9", }, ], }, }, { product_name: "Teamcenter Visualization V13.2", version: { version_data: [ { version_value: "All versions < V13.2.0.7", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). 
The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-122: Heap-based Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-335/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44000", datePublished: "2022-02-09T15:17:07", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.128Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38075
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.3.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), 
Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:27.558Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38075", datePublished: "2023-09-12T09:32:19.039Z", dateReserved: "2023-07-12T13:18:53.823Z", dateUpdated: "2024-08-02T17:30:13.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29032
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:10
Summary
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V13.3.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T09:47:11", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29032", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V14.0", version: { version_data: [ { version_value: "All versions < V14.0.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-415: Double Free", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29032", datePublished: "2022-05-10T09:47:11", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41288
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.1.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:46.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:48.369Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41288", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:46.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29029
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:10
Summary
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V13.3.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.560Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T09:47:06", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29029", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V14.0", version: { version_data: [ { version_value: "All versions < V14.0.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476: NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29029", datePublished: "2022-05-10T09:47:06", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.560Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33123
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:38
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.2.0.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33123", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:37:56.343806Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:38:42.204Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), 
Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:16.585Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33123", datePublished: "2023-06-13T08:17:16.585Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:38:42.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41285
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.1.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.047Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:45.408Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41285", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38072
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.3.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), 
Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:23.586Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38072", datePublished: "2023-09-12T09:32:15.739Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:13.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41287
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.1.0.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-369", description: "CWE-369: Divide By Zero", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:47.392Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41287", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38070
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
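Severity: 7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required)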
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)
References
Impacted products
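Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.3.0.1
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.12
Siemens | Teamcenter Visualization V14.0 | All versions
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.11
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.6
Siemens | Teamcenter Visualization V14.3 | All versions < V14.3.0.1
Siemens | Tecnomatix Plant Simulation V2201 | All versions < V2201.0010
Siemens | Tecnomatix Plant Simulation V2302 | All versions < V2302.0004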
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), 
Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:21.001Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38070", datePublished: "2023-09-12T09:32:13.603Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41279
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
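Severity: 3.3 LOW (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required, availability impact only)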
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
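Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.12
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.8
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.4
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.6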
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:39.221Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41279", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41662
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 12:49
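Severity: 7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required)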
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
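Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.4
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.12
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.7
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.3
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.4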
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.7", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:16:52.143Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41662", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-09-27T00:00:00", dateUpdated: "2024-08-03T12:49:43.689Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33121
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:42
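Severity: 3.3 LOW (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required, availability impact only)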
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
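Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.2.0.3
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.13
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.10
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.6
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.8
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.3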
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.930Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33121", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:41:54.698537Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:42:09.311Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < 
V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:14.419Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33121", datePublished: "2023-06-13T08:17:14.419Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:42:09.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33124
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:37
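Severity: 7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required)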
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
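Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.2.0.3
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.13
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.10
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.6
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.8
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.3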
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33124", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:36:55.445166Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:37:31.531Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), 
Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:17.687Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33124", datePublished: "2023-06-13T08:17:17.687Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:37:31.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38074
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
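Severity: 7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required)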
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)
References
Impacted products
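Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.3.0.1
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.12
Siemens | Teamcenter Visualization V14.0 | All versions
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.11
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.6
Siemens | Teamcenter Visualization V14.3 | All versions < V14.3.0.1
Siemens | Tecnomatix Plant Simulation V2201 | All versions < V2201.0010
Siemens | Tecnomatix Plant Simulation V2302 | All versions < V2302.0004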
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.057Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), 
Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:26.239Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38074", datePublished: "2023-09-12T09:32:17.948Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51745
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:40
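Severity: 7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required)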
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
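Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.3.0.6
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.13
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.12
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.9
Siemens | Teamcenter Visualization V14.3 | All versions < V14.3.0.6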
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:40:34.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. 
This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:17.032Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51745", datePublished: "2024-01-09T10:00:17.032Z", dateReserved: "2023-12-22T11:30:22.671Z", dateUpdated: "2024-08-02T22:40:34.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41661
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 12:49
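Severity: 7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, i.e. local attack vector, user interaction required)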
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
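Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.4
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.12
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.7
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.3
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.4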
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.7", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:16:51.110Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41661", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-09-27T00:00:00", dateUpdated: "2024-08-03T12:49:43.627Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3161
Vulnerability from cvelistv5
Published
2023-01-13 00:17
Modified
2025-01-16 22:01
Summary
The APDFL.dll contains a memory corruption vulnerability while parsing
specially crafted PDF files. This could allow an attacker to execute
code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | 0 < 14.1.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:00:10.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3161", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T20:32:28.959429Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-16T22:01:39.070Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "JT2Go", vendor: "Siemens ", versions: [ { lessThan: "14.1.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V13.3", vendor: "Siemens ", versions: [ { lessThan: "13.3.0.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V14.0", vendor: "Siemens ", versions: [ { lessThan: "14.0.0.4", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V14.1", vendor: "Siemens ", versions: [ { lessThan: "14.1.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Michael Heinz and Nafiez reported these vulnerabilities to Siemens. 
", }, ], datePublic: "2022-12-16T00:15:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n\nThe APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process.\n\n\n\n\n\n", }, ], value: "\n\nThe APDFL.dll contains a memory corruption vulnerability while parsing \nspecially crafted PDF files. This could allow an attacker to execute \ncode in the context of the current process.\n\n\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-13T00:17:06.310Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", }, { url: "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nSiemens released updates for the affected products and recommends updating to the latest versions:<br><ul><li><span style=\"background-color: var(--wht);\">JT2Go: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\">Update to V14.1.0.5 or later version</a><span style=\"background-color: var(--wht);\">. 
<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V13.3: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V13.3.0.8 or later version</a><span style=\"background-color: var(--wht);\">.<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V14.0: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V14.0.0.4 or later version</a><span style=\"background-color: var(--wht);\">.<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V14.1: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V14.1.0.5 or later version</a><span style=\"background-color: var(--wht);\">.</span></li></ul>", }, ], value: "Siemens released updates for the affected products and recommends updating to the latest versions:\n * JT2Go: Update to V14.1.0.5 or later version https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html . \n\n * Teamcenter Visualization V13.3: Update to V13.3.0.8 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.0: Update to V14.0.0.4 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.5 or later version https://support.sw.siemens.com/ .\n\n\n", }, ], source: { discovery: "EXTERNAL", }, workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n<p>Siemens identified the following specific workaround and mitigation user can apply to reduce risk: </p>\n\n<ul><li>Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.</li>\n</ul><p>As a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. 
To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\">operational guidelines for industrial security</a></p> and following the recommendations in the product manuals. Siemens also provides <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\">additional information on industrial security</a>.<br>\nFor further inquiries on security vulnerabilities in Siemens products, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\">Siemens</a>. <br>\nFor more information, see the associated Siemens security advisory SSA-360681 in <a target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/html/ssa-360681.html\">HTML </a>and <a target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json\">CSAF</a>.\n\n<br>", }, ], value: "Siemens identified the following specific workaround and mitigation user can apply to reduce risk: \n\n\n\n * Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.\n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security \n\n and following the recommendations in the product manuals. Siemens also provides additional information on industrial security https://www.siemens.com/industrialsecurity .\n\nFor further inquiries on security vulnerabilities in Siemens products, users should contact Siemens https://www.siemens.com/cert/advisories . 
\n\nFor more information, see the associated Siemens security advisory SSA-360681 in HTML https://cert-portal.siemens.com/productcert/html/ssa-360681.html and CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json .\n\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-3161", datePublished: "2023-01-13T00:17:06.310Z", dateReserved: "2022-09-07T23:38:34.248Z", dateUpdated: "2025-01-16T22:01:39.070Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44018
Vulnerability from cvelistv5
Published
2022-02-09 15:17
Modified
2024-08-04 04:10
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)
References
URL | Tags
---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf | x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-340/ | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V13.2.0.7
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.7", }, ], }, { product: "Solid Edge SE2021", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < SE2021MP9", }, ], }, { product: "Solid Edge SE2022", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < SE2022MP1", }, ], }, { product: "Teamcenter Visualization V13.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.1.0.9", }, ], }, { product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.7", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 
(ZDI-CAN-15112)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-14T09:21:28", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-44018", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.2.0.7", }, ], }, }, { product_name: "Solid Edge SE2021", version: { version_data: [ { version_value: "All versions < SE2021MP9", }, ], }, }, { product_name: "Solid Edge SE2022", version: { version_data: [ { version_value: "All versions < SE2022MP1", }, ], }, }, { product_name: "Teamcenter Visualization V13.1", version: { version_data: [ { version_value: "All versions < V13.1.0.9", }, ], }, }, { product_name: "Teamcenter Visualization V13.2", version: { version_data: [ { version_value: "All versions < V13.2.0.7", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). 
The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-22-340/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-44018", datePublished: "2022-02-09T15:17:10", dateReserved: "2021-11-18T00:00:00", dateUpdated: "2024-08-04T04:10:17.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2069
Vulnerability from cvelistv5
Published
2022-10-20 00:00
Modified
2024-08-03 00:24
Summary
The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | unspecified < V13.3.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:44.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V13.3.0.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { lessThan: "V13.3.0.5", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { lessThan: "V14.0.0.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Siemens reported this vulnerability to CISA.", }, ], descriptions: [ { lang: "en", value: "The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. 
This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: " CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-20T00:00:00", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf", }, { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-07", }, ], solutions: [ { lang: "en", value: "Siemens recommends updating to the latest version:\nTeamcenter Visualization V13.3: Update to version 13.3.0.5 or later\nTeamcenter Visualization V14.0: Currently no fix available.\nJT2Go V13.3.0.5: Update to version 13.3.0.5 or later\n\nFor more information see Siemens Security Advisory SSA-829738", }, ], source: { discovery: "INTERNAL", }, title: " Datalogics APDFL library Heap-based Buffer Overflow", workarounds: [ { lang: "en", value: "Avoid opening untrusted files in JT2Go and Teamcenter Visualization\n\nAs a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. 
To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ and to follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found on Siemens’ Industrial Security webpage.\n\nFor more information see Siemens Security Advisory SSA-829738", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-2069", datePublished: "2022-10-20T00:00:00", dateReserved: "2022-06-13T00:00:00", dateUpdated: "2024-08-03T00:24:44.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41663
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 12:49
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.7", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:16:53.179Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41663", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-09-27T00:00:00", dateUpdated: "2024-08-03T12:49:43.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38073
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.3.0.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), 
Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:24.893Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38073", datePublished: "2023-09-12T09:32:16.855Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45484
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 14:17
Summary
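A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)
Note: the CVSS v3.1 vector in this record (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C, base score 3.3 LOW) rates only a low availability impact, which does not match the code-execution wording above. The record also lists Teamcenter Visualization V13.3 and V14.0 twice, each with two different fixed versions. Confirm the impact and the fixed version for your release line against Siemens advisory SSA-700053 before prioritising.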
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:17:03.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.5", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). 
The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:52.706Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-45484", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-21T00:00:00", dateUpdated: "2024-08-03T14:17:03.608Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51439
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:32
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.3.0.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:10.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. 
This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:14.394Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51439", datePublished: "2024-01-09T10:00:14.394Z", dateReserved: "2023-12-19T11:47:14.991Z", dateUpdated: "2024-08-02T22:32:10.018Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38071
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-11-25 21:17
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.3.0.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38071", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T21:17:44.338467Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T21:17:56.790Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All 
versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:22.297Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38071", datePublished: "2023-09-12T09:32:14.673Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-11-25T21:17:56.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41280
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Severity
3.3 LOW (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:40.259Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41280", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41664
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 12:49
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.7", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. 
This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:16:54.230Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41664", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-09-27T00:00:00", dateUpdated: "2024-08-03T12:49:43.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41660
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 12:49
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.7", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:16:50.033Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41660", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-09-27T00:00:00", dateUpdated: "2024-08-03T12:49:43.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41281
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:41.331Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41281", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41286
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
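A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. [Note: the problemTypes field of this record lists CWE-125 (Out-of-bounds Read), which does not match the out of bounds write stated in the description; confirm the weakness class against the vendor advisory (ssa-700053) before relying on the CWE for triage or detection mapping.]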
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:45.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:46.397Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41286", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:45.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41283
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.879Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:43.378Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41283", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.879Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-39136
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 11:10
Severity
7.8 HIGH (CVSS v3.1 base score; vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to a fixed-length heap-based buffer overflow while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T11:10:32.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.7", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions >= V13.3.0.7 < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:16:47.803Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-39136", datePublished: "2022-11-08T00:00:00", dateReserved: "2022-09-01T00:00:00", dateUpdated: "2024-08-03T11:10:32.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41278
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
Severity: LOW (CVSS v3.1 base score 3.3)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial-of-service condition.
References
Impacted products
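Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.1.0.6 |
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.12 |
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.8 |
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.4 |
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.6 |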
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:45.639Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:38.189Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41278", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:45.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38076
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity: HIGH (CVSS v3.1 base score 7.8)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
References
Impacted products
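Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.3.0.1 |
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.12 |
Siemens | Teamcenter Visualization V14.0 | All versions |
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.11 |
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.6 |
Siemens | Teamcenter Visualization V14.3 | All versions < V14.3.0.1 |
Siemens | Tecnomatix Plant Simulation V2201 | All versions < V2201.0010 |
Siemens | Tecnomatix Plant Simulation V2302 | All versions < V2302.0004 |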
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), 
Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:28.851Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38076", datePublished: "2023-09-12T09:32:20.160Z", dateReserved: "2023-07-12T13:18:53.823Z", dateUpdated: "2024-08-02T17:30:13.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28830
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-23 19:49
Severity: HIGH (CVSS v3.1 base score 7.8)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing a specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
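Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.2.0.5 |
Siemens | Solid Edge SE2022 | All versions < V222.0 Update 13 |
Siemens | Solid Edge SE2023 | All versions < V223.0 Update 4 |
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.15 |
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.11 |
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.11 |
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.5 |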
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T19:48:40.205775Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T19:49:54.534Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, { defaultStatus: "unknown", product: "Solid Edge SE2022", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V222.0 Update 13", }, ], }, { defaultStatus: "unknown", product: "Solid Edge SE2023", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V223.0 Update 4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.15", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been 
identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:17.760Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-28830", datePublished: "2023-08-08T09:20:17.760Z", dateReserved: "2023-03-24T15:17:33.934Z", dateUpdated: "2024-10-23T19:49:54.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51746
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-09-04 15:14
Severity: HIGH (CVSS v3.1 base score 7.8)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack-based buffer overflow vulnerability (CWE-121) that could be triggered while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
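Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.3.0.6 |
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.13 |
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.12 |
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.9 |
Siemens | Teamcenter Visualization V14.3 | All versions < V14.3.0.6 |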
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:48:11.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-51746", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T15:13:57.367529Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T15:14:05.889Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). 
The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:18.333Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51746", datePublished: "2024-01-09T10:00:18.333Z", dateReserved: "2023-12-22T11:30:22.672Z", dateUpdated: "2024-09-04T15:14:05.889Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51744
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:40
Severity: LOW (CVSS v3.1 base score 3.3)
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial-of-service condition.
References
Impacted products
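Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V14.3.0.6 |
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.13 |
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.12 |
Siemens | Teamcenter Visualization V14.2 | All versions < V14.2.0.9 |
Siemens | Teamcenter Visualization V14.3 | All versions < V14.3.0.6 |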
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:40:34.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:15.708Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51744", datePublished: "2024-01-09T10:00:15.708Z", dateReserved: "2023-12-22T11:30:22.671Z", dateUpdated: "2024-08-02T22:40:34.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3159
Vulnerability from cvelistv5
Published
2023-01-13 00:15
Modified
2025-01-16 22:01
Severity: HIGH (CVSS v3.1 base score 7.8)
Summary
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | 0 < 14.1.0.5 |
Siemens | Teamcenter Visualization V13.3 | 0 < 13.3.0.8 |
Siemens | Teamcenter Visualization V14.0 | 0 < 14.0.0.4 |
Siemens | Teamcenter Visualization V14.1 | 0 < 14.1.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:00:10.535Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-3159", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T20:32:35.727245Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-16T22:01:53.147Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "JT2Go", vendor: "Siemens ", versions: [ { lessThan: "14.1.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V13.3", vendor: "Siemens ", versions: [ { lessThan: "13.3.0.8", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V14.0", vendor: "Siemens ", versions: [ { lessThan: "14.0.0.4", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Teamcenter Visualization V14.1", vendor: "Siemens ", versions: [ { lessThan: "14.1.0.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Michael Heinz and Nafiez reported these vulnerabilities to Siemens. 
", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nThe APDFL.dll contains a stack-based buffer overflow vulnerability that \ncould be triggered while parsing specially crafted PDF files. This could\n allow an attacker to execute code in the context of the current \nprocess.\n\n", }, ], value: "The APDFL.dll contains a stack-based buffer overflow vulnerability that \ncould be triggered while parsing specially crafted PDF files. This could\n allow an attacker to execute code in the context of the current \nprocess.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-13T00:15:15.775Z", orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", shortName: "icscert", }, references: [ { url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-15", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-360681.html", }, { url: "https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\nSiemens released updates for the affected products and recommends updating to the latest versions:<br><ul><li><span style=\"background-color: var(--wht);\">JT2Go: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html\">Update to V14.1.0.5 or later version</a><span style=\"background-color: var(--wht);\">. 
<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V13.3: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V13.3.0.8 or later version</a><span style=\"background-color: var(--wht);\">.<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V14.0: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V14.0.0.4 or later version</a><span style=\"background-color: var(--wht);\">.<br></span></li><li><span style=\"background-color: var(--wht);\">Teamcenter Visualization V14.1: </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">Update to V14.1.0.5 or later version</a><span style=\"background-color: var(--wht);\">.</span></li></ul>", }, ], value: "Siemens released updates for the affected products and recommends updating to the latest versions:\n * JT2Go: Update to V14.1.0.5 or later version https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html . \n\n * Teamcenter Visualization V13.3: Update to V13.3.0.8 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.0: Update to V14.0.0.4 or later version https://support.sw.siemens.com/ .\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.5 or later version https://support.sw.siemens.com/ .\n\n\n", }, ], source: { discovery: "EXTERNAL", }, workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n<p>Siemens identified the following specific workaround and mitigation user can apply to reduce risk: </p>\n\n<ul><li>Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.</li>\n</ul><p>As a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. 
To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\">operational guidelines for industrial security</a></p> and following the recommendations in the product manuals. Siemens also provides <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\">additional information on industrial security</a>.<br>\nFor further inquiries on security vulnerabilities in Siemens products, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/advisories\">Siemens</a>. <br>\nFor more information, see the associated Siemens security advisory SSA-360681 in <a target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/html/ssa-360681.html\">HTML </a>and <a target=\"_blank\" rel=\"nofollow\" href=\"https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json\">CSAF</a>.\n\n<br>", }, ], value: "Siemens identified the following specific workaround and mitigation user can apply to reduce risk: \n\n\n\n * Do not open untrusted PDF files in JT2Go and Teamcenter Visualization.\n\n\n\nAs a general security measure, Siemens recommends protecting \nnetwork access to devices with appropriate mechanisms. To operate the \ndevices in a protected IT environment, Siemens recommends configuring \nthe environment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security \n\n and following the recommendations in the product manuals. Siemens also provides additional information on industrial security https://www.siemens.com/industrialsecurity .\n\nFor further inquiries on security vulnerabilities in Siemens products, users should contact Siemens https://www.siemens.com/cert/advisories . 
\n\nFor more information, see the associated Siemens security advisory SSA-360681 in HTML https://cert-portal.siemens.com/productcert/html/ssa-360681.html and CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-360681.json .\n\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", assignerShortName: "icscert", cveId: "CVE-2022-3159", datePublished: "2023-01-13T00:15:15.775Z", dateReserved: "2022-09-07T23:36:59.702Z", dateUpdated: "2025-01-16T22:01:53.147Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29030
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:10
Summary
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to an integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application, causing a denial-of-service condition.
References
URL | Tags |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Siemens | JT2Go | All versions < V13.3.0.3 |
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.3 |
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.579Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-680", description: "CWE-680: Integer Overflow to Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T09:47:08", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29030", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V14.0", version: { version_data: [ { version_value: "All versions < V14.0.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. 
An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-680: Integer Overflow to Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29030", datePublished: "2022-05-10T09:47:08", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29033
Vulnerability from cvelistv5
Published
2022-05-10 09:47
Modified
2024-08-03 06:10
Severity
Not scored (the CVE record below contains no CVSS metrics)
Summary
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
URL | Tags
---|---
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V13.3.0.3
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.3
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:58.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.3", }, ], }, { product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-824", description: "CWE-824: Access of Uninitialized Pointer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T09:47:12", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2022-29033", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JT2Go", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V13.3", version: { version_data: [ { version_value: "All versions < V13.3.0.3", }, ], }, }, { product_name: "Teamcenter Visualization V14.0", version: { version_data: [ { version_value: "All versions < V14.0.0.1", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. 
An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-824: Access of Uninitialized Pointer", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-29033", datePublished: "2022-05-10T09:47:12", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:58.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41284
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
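Severity
7.8 (HIGH) — CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (local attack vector, user interaction required)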
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf
Impacted products
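Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.12
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.8
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.4
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.6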
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:44.392Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41284", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41282
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 12:42
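Severity
7.8 (HIGH) — CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C (local attack vector, user interaction required)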
Summary
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf
Impacted products
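Vendor | Product | Version
---|---|---
Siemens | JT2Go | All versions < V14.1.0.6
Siemens | Teamcenter Visualization V13.2 | All versions < V13.2.0.12
Siemens | Teamcenter Visualization V13.3 | All versions < V13.3.0.8
Siemens | Teamcenter Visualization V14.0 | All versions < V14.0.0.4
Siemens | Teamcenter Visualization V14.1 | All versions < V14.1.0.6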
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.917Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T09:02:42.354Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2022-41282", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }