All the vulnerabilites related to Siemens - Teamcenter Visualization V14.2
cve-2023-33123
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:16.585Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33123", "datePublished": "2023-06-13T08:17:16.585Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:35.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33122
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:34.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:15.483Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33122", "datePublished": "2023-06-13T08:17:15.483Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:34.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51744
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:15.708Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51744", "datePublished": "2024-01-09T10:00:15.708Z", "dateReserved": "2023-12-22T11:30:22.671Z", "dateUpdated": "2024-08-02T22:40:34.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38528
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-15 18:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38528", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:15:47.058198Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T18:33:06.845Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.197", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.184", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.197), Parasolid V35.1 (All versions \u003c V35.1.184), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:35.245Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38528", "datePublished": "2023-08-08T09:20:37.393Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-10-15T18:33:06.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38075
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:27.558Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38075", "datePublished": "2023-09-12T09:32:19.039Z", "dateReserved": "2023-07-12T13:18:53.823Z", "dateUpdated": "2024-08-02T17:30:13.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38531
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.184", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:39.222Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38531", "datePublished": "2023-08-08T09:20:40.773Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-08-13T07:50:39.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51746
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-09-04 15:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:48:11.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-51746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T15:13:57.367529Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T15:14:05.889Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:18.333Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51746", "datePublished": "2024-01-09T10:00:18.333Z", "dateReserved": "2023-12-22T11:30:22.672Z", "dateUpdated": "2024-09-04T15:14:05.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38532
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.171", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.171), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:40.643Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38532", "datePublished": "2023-08-08T09:20:41.916Z", "dateReserved": "2023-07-19T09:55:44.211Z", "dateUpdated": "2024-08-13T07:50:40.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33124
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:17.687Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33124", "datePublished": "2023-06-13T08:17:17.687Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:35.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37996
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-10-08 08:40
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37996", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T18:31:15.685735Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T18:31:24.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "PLM XML SDK", "vendor": "Siemens", "versions": [ { "lessThan": "V7.1.0.014", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0008", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2406", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.5), JT2Go (All versions \u003c V2406.0003), PLM XML SDK (All versions \u003c V7.1.0.014), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.13), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.11), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:13.781Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37996", "datePublished": "2024-07-09T12:05:04.781Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-10-08T08:40:13.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38529
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.184", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:36.555Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38529", "datePublished": "2023-08-08T09:20:38.540Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-08-13T07:50:36.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32635
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.256", "status": "affected", "version": "35.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.0.208", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.1.173", "status": "affected", "version": "36.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32635", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:49.970409Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:27:51.096Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0005), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.10), Teamcenter Visualization V2312 (All versions \u003c V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:05.071Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32635", "datePublished": "2024-05-14T10:02:42.291Z", "dateReserved": "2024-04-16T10:52:15.707Z", "dateUpdated": "2024-08-13T07:54:05.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38071
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:22.297Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38071", "datePublished": "2023-09-12T09:32:14.673Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:13.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38072
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:23.586Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38072", "datePublished": "2023-09-12T09:32:15.739Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:13.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26275
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.254", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "36.0.207", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "14.2", "versionType": "custom" }, { "lessThan": "14.3.0.9", "status": "affected", "version": "14.3", "versionType": "custom" }, { "lessThan": "2312.0004", "status": "affected", "version": "2312", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26275", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T15:24:40.222186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T18:33:02.344Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:19.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.0", "vendor": "Siemens", "versions": [ { "lessThan": "V36.0.207", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.1", "vendor": "Siemens", "versions": [ { "lessThan": "V36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:00.911Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-26275", "datePublished": "2024-04-09T08:34:36.604Z", "dateReserved": "2024-02-15T10:54:03.168Z", "dateUpdated": "2024-08-13T07:54:00.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38070
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:21.001Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38070", "datePublished": "2023-09-12T09:32:13.603Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:14.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38683
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38683", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T13:15:58.316782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T13:16:08.622Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.14" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.14), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.10), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:48.395Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38683", "datePublished": "2023-08-08T09:20:48.395Z", "dateReserved": "2023-07-24T13:55:32.997Z", "dateUpdated": "2024-10-11T13:16:08.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33121
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.3), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.13), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.10), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.6), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.8), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-13T08:17:14.419Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-33121", "datePublished": "2023-06-13T08:17:14.419Z", "dateReserved": "2023-05-17T13:17:47.573Z", "dateUpdated": "2024-08-02T15:39:35.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38525
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.171", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.171), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:31.439Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38525", "datePublished": "2023-08-08T09:20:33.970Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-08-13T07:50:31.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34086
Vulnerability from cvelistv5
Published
2024-05-14 10:03
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "V14.1.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.3.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34086", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T15:19:05.198442Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:22:25.821Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:42:59.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0001), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.13), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.10), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.7), Teamcenter Visualization V2312 (All versions \u003c V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.\r\nThis could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:24:55.854Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-34086", "datePublished": "2024-05-14T10:03:10.774Z", "dateReserved": "2024-04-30T09:05:07.900Z", "dateUpdated": "2024-08-02T02:42:59.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32637
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32637", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:33.414539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T18:07:35.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0005), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.10), Teamcenter Visualization V2312 (All versions \u003c V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:07.678Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32637", "datePublished": "2024-05-14T10:02:44.682Z", "dateReserved": "2024-04-16T10:52:15.707Z", "dateUpdated": "2024-08-13T07:54:07.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38526
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.171", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.171), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:32.703Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38526", "datePublished": "2023-08-08T09:20:35.106Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-08-13T07:50:32.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38527
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:33.956Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38527", "datePublished": "2023-08-08T09:20:36.244Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-08-13T07:50:33.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38073
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.105Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:24.893Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38073", "datePublished": "2023-09-12T09:32:16.855Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:14.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51745
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:17.032Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51745", "datePublished": "2024-01-09T10:00:17.032Z", "dateReserved": "2023-12-22T11:30:22.671Z", "dateUpdated": "2024-08-02T22:40:34.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37997
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-10-08 08:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt_open:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt_open", "vendor": "siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:plm_xml_sdk:v7.1.0.0014:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "plm_xml_sdk", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V7.1.0.014" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37997", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:19:33.793225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:25:16.197Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "PLM XML SDK", "vendor": "Siemens", "versions": [ { "lessThan": "V7.1.0.014", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0008", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2406", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.5), JT2Go (All versions \u003c V2406.0003), PLM XML SDK (All versions \u003c V7.1.0.014), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.13), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.11), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:15.076Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37997", "datePublished": "2024-07-09T12:05:06.114Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-10-08T08:40:15.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26277
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26277", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T19:51:56.120704Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:18.998Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:18.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.0", "vendor": "Siemens", "versions": [ { "lessThan": "V36.0.207", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.1", "vendor": "Siemens", "versions": [ { "lessThan": "V36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:03.735Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-26277", "datePublished": "2024-04-09T08:34:38.896Z", "dateReserved": "2024-02-15T10:54:03.168Z", "dateUpdated": "2024-08-13T07:54:03.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38524
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.171", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.171), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:30.129Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38524", "datePublished": "2023-08-08T09:20:32.849Z", "dateReserved": "2023-07-19T09:55:44.209Z", "dateUpdated": "2024-08-13T07:50:30.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38074
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:26.239Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38074", "datePublished": "2023-09-12T09:32:17.948Z", "dateReserved": "2023-07-12T13:18:53.822Z", "dateUpdated": "2024-08-02T17:30:14.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51439
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:32:10.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.13" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.9" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.6), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.13), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.12), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.9), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T10:00:14.394Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-51439", "datePublished": "2024-01-09T10:00:14.394Z", "dateReserved": "2023-12-19T11:47:14.991Z", "dateUpdated": "2024-08-02T22:32:10.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26276
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.254", "status": "affected", "version": "35.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.0.207", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.1.147", "status": "affected", "version": "36.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26276", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:40:25.505191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T14:53:58.636Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:07:18.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.0", "vendor": "Siemens", "versions": [ { "lessThan": "V36.0.207", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V36.1", "vendor": "Siemens", "versions": [ { "lessThan": "V36.1.147", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0004", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0004), Parasolid V35.1 (All versions \u003c V35.1.254), Parasolid V36.0 (All versions \u003c V36.0.207), Parasolid V36.1 (All versions \u003c V36.1.147), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.9), Teamcenter Visualization V2312 (All versions \u003c V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:02.376Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-222019.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-26276", "datePublished": "2024-04-09T08:34:37.744Z", "dateReserved": "2024-02-15T10:54:03.168Z", "dateUpdated": "2024-08-13T07:54:02.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38076
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:13.747Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.3.0.1" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2201", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2201.0010" } ] }, { "defaultStatus": "unknown", "product": "Tecnomatix Plant Simulation V2302", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2302.0004" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.3.0.1), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions \u003c V2201.0010), Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-14T11:03:28.851Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38076", "datePublished": "2023-09-12T09:32:20.160Z", "dateReserved": "2023-07-12T13:18:53.823Z", "dateUpdated": "2024-08-02T17:30:13.747Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32636
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "35.1.256", "status": "affected", "version": "35.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.0.208", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "parasolid", "vendor": "siemens", "versions": [ { "lessThan": "36.1.173", "status": "affected", "version": "36.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32636", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:41.622204Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:29:19.950Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:13:40.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0005", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0005), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.12), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.10), Teamcenter Visualization V2312 (All versions \u003c V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:06.352Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32636", "datePublished": "2024-05-14T10:02:43.480Z", "dateReserved": "2024-04-16T10:52:15.707Z", "dateUpdated": "2024-08-13T07:54:06.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38682
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:17
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38682", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T13:17:15.547740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T13:17:25.296Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.14" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.10" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.14), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.10), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:47.299Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38682", "datePublished": "2023-08-08T09:20:47.299Z", "dateReserved": "2023-07-24T13:55:32.996Z", "dateUpdated": "2024-10-11T13:17:25.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34085
Vulnerability from cvelistv5
Published
2024-05-14 10:03
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.1.0.13", "status": "affected", "version": "14.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.2.0.10", "status": "affected", "version": "14.2", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "2312.0001", "status": "affected", "version": "2312", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34085", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T14:07:42.511828Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:03:43.492Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:42:59.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0001", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0001), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.13), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.10), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.7), Teamcenter Visualization V2312 (All versions \u003c V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T07:24:54.668Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-34085", "datePublished": "2024-05-14T10:03:09.574Z", "dateReserved": "2024-04-30T09:05:07.900Z", "dateUpdated": "2024-08-02T02:42:59.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38530
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Parasolid V34.1", "vendor": "Siemens", "versions": [ { "lessThan": "V34.1.258", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.0", "vendor": "Siemens", "versions": [ { "lessThan": "V35.0.254", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Parasolid V35.1", "vendor": "Siemens", "versions": [ { "lessThan": "V35.1.171", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.171), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:50:37.879Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38530", "datePublished": "2023-08-08T09:20:39.660Z", "dateReserved": "2023-07-19T09:55:44.210Z", "dateUpdated": "2024-08-13T07:50:37.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28830
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-23 19:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28830", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T19:48:40.205775Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T19:49:54.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2022", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V222.0 Update 13" } ] }, { "defaultStatus": "unknown", "product": "Solid Edge SE2023", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V223.0 Update 4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.15" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.11" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.2.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.2.0.5), Solid Edge SE2022 (All versions \u003c V222.0 Update 13), Solid Edge SE2023 (All versions \u003c V223.0 Update 4), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.15), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.11), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.11), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-08T09:20:17.760Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-28830", "datePublished": "2023-08-08T09:20:17.760Z", "dateReserved": "2023-03-24T15:17:33.934Z", "dateUpdated": "2024-10-23T19:49:54.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }