Vulnerabilites related to Siemens - Teamcenter Visualization V14.2
cve-2024-52574
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52574", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T17:58:40.018851Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:08:38.549Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:10.791Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52574", datePublished: "2024-11-18T15:39:38.552Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:10.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45474
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45474", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:31:40.050956Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:32:54.192Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:46.678Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45474", datePublished: "2024-10-08T08:40:35.938Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:46.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33122
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:34.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33122", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:40:14.247239Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:40:43.732Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:15.483Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33122", datePublished: "2023-06-13T08:17:15.483Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:40:43.732Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38075
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.592Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:27.558Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38075", datePublished: "2023-09-12T09:32:19.039Z", dateReserved: "2023-07-12T13:18:53.823Z", dateUpdated: "2024-08-02T17:30:13.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26276
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.254", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.207", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.147", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26276", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:40:25.505191Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T14:53:58.636Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:18.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.207", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:02.376Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-26276", datePublished: "2024-04-09T08:34:37.744Z", dateReserved: "2024-02-15T10:54:03.168Z", dateUpdated: "2024-08-13T07:54:02.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45466
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45466", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:54:14.322264Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:55:03.070Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:36.281Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45466", datePublished: "2024-10-08T08:40:24.789Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:36.281Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34085
Vulnerability from cvelistv5
Published
2024-05-14 10:03
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0001 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "14.1.0.13", status: "affected", version: "14.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "14.2.0.10", status: "affected", version: "14.2", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jt2go", vendor: "siemens", versions: [ { lessThan: "2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "2312.0001", status: "affected", version: "2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34085", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T14:07:42.511828Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T18:03:43.492Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.891Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-661579.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.7", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T07:24:54.668Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-661579.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-34085", datePublished: "2024-05-14T10:03:09.574Z", dateReserved: "2024-04-30T09:05:07.900Z", dateUpdated: "2024-08-02T02:42:59.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38524
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2025-02-27 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:55.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38524", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:57.876152Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:10:10.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.171", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 2, baseSeverity: "LOW", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:30.129Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38524", datePublished: "2023-08-08T09:20:32.849Z", dateReserved: "2023-07-19T09:55:44.209Z", dateUpdated: "2025-02-27T21:10:10.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52569
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52569", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T18:56:43.464014Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:57:44.608Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:04.159Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52569", datePublished: "2024-11-18T15:39:29.963Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:04.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33123
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:38
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33123", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:37:56.343806Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:38:42.204Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:16.585Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33123", datePublished: "2023-06-13T08:17:16.585Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:38:42.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45473
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45473", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:33:29.982590Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:34:24.919Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:45.407Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45473", datePublished: "2024-10-08T08:40:34.496Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:45.407Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38072
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:23.586Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38072", datePublished: "2023-09-12T09:32:15.739Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:13.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45475
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2403.0000", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45475", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:24:10.037333Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-16T19:37:08.060Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:47.953Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45475", datePublished: "2024-10-08T08:40:37.369Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:47.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52567
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52567", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T19:02:36.401253Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T19:04:07.097Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:01.572Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52567", datePublished: "2024-11-18T15:39:26.910Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:01.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45476
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45476", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:23:31.015742Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:23:40.620Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:49.212Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45476", datePublished: "2024-10-08T08:40:38.819Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:49.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52570
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52570", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T18:54:23.506856Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:55:49.764Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:05.476Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52570", datePublished: "2024-11-18T15:39:32.522Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:05.476Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38070
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:21.001Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38070", datePublished: "2023-09-12T09:32:13.603Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38531
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-08-13 07:50
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:55.885Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.184", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:39.222Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38531", datePublished: "2023-08-08T09:20:40.773Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2024-08-13T07:50:39.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26277
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T19:51:56.120704Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:49:18.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:18.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.207", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:03.735Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-26277", datePublished: "2024-04-09T08:34:38.896Z", dateReserved: "2024-02-15T10:54:03.168Z", dateUpdated: "2024-08-13T07:54:03.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51745
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:40:34.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:17.032Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51745", datePublished: "2024-01-09T10:00:17.032Z", dateReserved: "2023-12-22T11:30:22.671Z", dateUpdated: "2024-08-02T22:40:34.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33121
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.930Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33121", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:41:54.698537Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:42:09.311Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:14.419Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33121", datePublished: "2023-06-13T08:17:14.419Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:42:09.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33124
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:37
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.3 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33124", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T01:36:55.445166Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T01:37:31.531Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.0.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.8", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-13T08:17:17.687Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-33124", datePublished: "2023-06-13T08:17:17.687Z", dateReserved: "2023-05-17T13:17:47.573Z", dateUpdated: "2025-01-03T01:37:31.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38074
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.057Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:26.239Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38074", datePublished: "2023-09-12T09:32:17.948Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34086
Vulnerability from cvelistv5
Published
2024-05-14 10:03
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0001 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jt2go", vendor: "siemens", versions: [ { lessThan: "V2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "V14.1.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "14.2.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "V2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "14.3.0.7", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-34086", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T15:19:05.198442Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T18:22:25.821Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-661579.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.7", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0001", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T07:24:55.854Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-661579.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-34086", datePublished: "2024-05-14T10:03:10.774Z", dateReserved: "2024-04-30T09:05:07.900Z", dateUpdated: "2024-08-02T02:42:59.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52568
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.
An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52568", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T19:00:13.859137Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T19:01:12.420Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:02.868Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52568", datePublished: "2024-11-18T15:39:28.462Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:02.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38683
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.5 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38683", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:15:58.316782Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:16:08.622Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.14", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:48.395Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38683", datePublished: "2023-08-08T09:20:48.395Z", dateReserved: "2023-07-24T13:55:32.997Z", dateUpdated: "2024-10-11T13:16:08.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52573
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52573", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T17:58:35.292347Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:08:38.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:09.478Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52573", datePublished: "2024-11-18T15:39:37.042Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:09.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38527
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2025-02-27 21:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:55.719Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38527", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:16.187763Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:09:53.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:33.956Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38527", datePublished: "2023-08-08T09:20:36.244Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2025-02-27T21:09:53.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38073
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:24.893Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38073", datePublished: "2023-09-12T09:32:16.855Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-08-02T17:30:14.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45470
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45470", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:58:46.110148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:59:39.102Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:41.482Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45470", datePublished: "2024-10-08T08:40:30.348Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:41.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51439
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:10.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:14.394Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51439", datePublished: "2024-01-09T10:00:14.394Z", dateReserved: "2023-12-19T11:47:14.991Z", dateUpdated: "2024-08-02T22:32:10.018Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45467
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45467", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:38:23.939172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:39:16.044Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:37.546Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45467", datePublished: "2024-10-08T08:40:26.225Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:37.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52571
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52571", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T16:33:26.041394Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:34:15.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:06.770Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52571", datePublished: "2024-11-18T15:39:34.061Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:06.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38071
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-11-25 21:17
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38071", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T21:17:44.338467Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T21:17:56.790Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:22.297Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38071", datePublished: "2023-09-12T09:32:14.673Z", dateReserved: "2023-07-12T13:18:53.822Z", dateUpdated: "2024-11-25T21:17:56.790Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38682
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-11 13:17
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.5 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38682", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:17:15.547740Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T13:17:25.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.14", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.10", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:47.299Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38682", datePublished: "2023-08-08T09:20:47.299Z", dateReserved: "2023-07-24T13:55:32.996Z", dateUpdated: "2024-10-11T13:17:25.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37997
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2025-01-09 21:34
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: 0 < V11.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:jt_open:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jt_open", vendor: "siemens", versions: [ { lessThan: "V11.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:plm_xml_sdk:v7.1.0.0014:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "plm_xml_sdk", vendor: "siemens", versions: [ { status: "affected", version: "V7.1.0.014", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T13:19:33.793225Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T21:34:46.837Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:24.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { lessThan: "V11.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "PLM XML SDK", vendor: "Siemens", versions: [ { lessThan: "V7.1.0.014", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T08:40:15.076Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-959281.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-37997", datePublished: "2024-07-09T12:05:06.114Z", dateReserved: "2024-06-11T08:32:52.184Z", dateUpdated: "2025-01-09T21:34:46.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32637
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ps_iges_parasolid_translator_component", vendor: "siemens", versions: [ { lessThan: "v27.1.215 ", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32637", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:37:33.414539Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T18:07:35.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:07.678Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32637", datePublished: "2024-05-14T10:02:44.682Z", dateReserved: "2024-04-16T10:52:15.707Z", dateUpdated: "2024-08-13T07:54:07.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45465
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45465", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:55:28.386353Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:56:10.204Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:34.990Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45465", datePublished: "2024-10-08T08:40:23.411Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:34.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32635
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.256", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.208", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.173", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32635", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:37:49.970409Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T17:27:51.096Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:05.071Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32635", datePublished: "2024-05-14T10:02:42.291Z", dateReserved: "2024-04-16T10:52:15.707Z", dateUpdated: "2024-08-13T07:54:05.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53041
Vulnerability from cvelistv5
Published
2024-12-10 13:54
Modified
2024-12-10 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53041", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T15:17:30.639993Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:17:19.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:12.113Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-53041", datePublished: "2024-12-10T13:54:12.113Z", dateReserved: "2024-11-19T16:38:17.725Z", dateUpdated: "2024-12-10T17:17:19.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32636
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0005 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:parasolid:35.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.256", status: "affected", version: "35.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.0.208", status: "affected", version: "36.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:36.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "36.1.173", status: "affected", version: "36.1", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32636", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T13:37:41.622204Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T17:29:19.950Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:13:40.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.10", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:06.352Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-32636", datePublished: "2024-05-14T10:02:43.480Z", dateReserved: "2024-04-16T10:52:15.707Z", dateUpdated: "2024-08-13T07:54:06.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38525
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2025-02-27 21:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38525", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:18.935410Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:10:04.475Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.171", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:31.439Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38525", datePublished: "2023-08-08T09:20:33.970Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2025-02-27T21:10:04.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52565
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52565", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T20:14:21.266990Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T20:15:13.258Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:58.951Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52565", datePublished: "2024-11-18T15:39:23.758Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:53:58.951Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38530
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2025-02-27 21:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:55.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38530", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:07.859657Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:09:41.320Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.171", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:37.879Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38530", datePublished: "2023-08-08T09:20:39.660Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2025-02-27T21:09:41.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38076
Vulnerability from cvelistv5
Published
2023-09-12 09:32
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:13.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.0", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.1", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2201", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2201.0010", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2302.0004", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T11:03:28.851Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38076", datePublished: "2023-09-12T09:32:20.160Z", dateReserved: "2023-07-12T13:18:53.823Z", dateUpdated: "2024-08-02T17:30:13.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52572
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52572", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T17:58:30.237542Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T18:08:38.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:08.165Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52572", datePublished: "2024-11-18T15:39:35.577Z", dateReserved: "2024-11-14T12:25:53.336Z", dateUpdated: "2024-12-10T13:54:08.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28830
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-23 19:49
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.2.0.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T19:48:40.205775Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T19:49:54.534Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, { defaultStatus: "unknown", product: "Solid Edge SE2022", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V222.0 Update 13", }, ], }, { defaultStatus: "unknown", product: "Solid Edge SE2023", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V223.0 Update 4", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.2.0.15", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.11", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.5", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-08T09:20:17.760Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-131450.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-28830", datePublished: "2023-08-08T09:20:17.760Z", dateReserved: "2023-03-24T15:17:33.934Z", dateUpdated: "2024-10-23T19:49:54.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45463
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45463", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:57:35.555424Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:58:18.764Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:32.457Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45463", datePublished: "2024-10-08T08:40:20.648Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:32.457Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45472
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45472", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:35:13.200910Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:36:03.973Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:44.084Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45472", datePublished: "2024-10-08T08:40:33.124Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:44.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37996
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-10-08 08:40
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT Open |
Version: 0 < V11.5 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37996", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-15T18:31:15.685735Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-15T18:31:24.493Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:24.762Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT Open", vendor: "Siemens", versions: [ { lessThan: "V11.5", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "PLM XML SDK", vendor: "Siemens", versions: [ { lessThan: "V7.1.0.014", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.13", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0003", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T08:40:13.781Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824889.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-959281.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-37996", datePublished: "2024-07-09T12:05:04.781Z", dateReserved: "2024-06-11T08:32:52.184Z", dateUpdated: "2024-10-08T08:40:13.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45471
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45471", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:36:27.266520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:37:15.861Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:42.763Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45471", datePublished: "2024-10-08T08:40:31.722Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:42.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51746
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-09-04 15:14
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:48:11.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-51746", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T15:13:57.367529Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T15:14:05.889Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:18.333Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51746", datePublished: "2024-01-09T10:00:18.333Z", dateReserved: "2023-12-22T11:30:22.672Z", dateUpdated: "2024-09-04T15:14:05.889Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45469
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45469", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:00:04.351211Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:00:51.654Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:40.143Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45469", datePublished: "2024-10-08T08:40:28.955Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:40.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52566
Vulnerability from cvelistv5
Published
2024-11-18 15:39
Modified
2024-12-10 13:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52566", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T19:50:45.809688Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T19:51:41.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2406", vendor: "Siemens", versions: [ { lessThan: "V2406.0005", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0018", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0007", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:00.271Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-52566", datePublished: "2024-11-18T15:39:25.382Z", dateReserved: "2024-11-14T12:25:53.335Z", dateUpdated: "2024-12-10T13:54:00.271Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51744
Vulnerability from cvelistv5
Published
2024-01-09 10:00
Modified
2024-08-02 22:40
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: All versions < V14.3.0.6 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:40:34.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V13.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V13.3.0.13", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.1.0.12", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.2.0.9", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V14.3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T10:00:15.708Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-51744", datePublished: "2024-01-09T10:00:15.708Z", dateReserved: "2023-12-22T11:30:22.671Z", dateUpdated: "2024-08-02T22:40:34.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26275
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-08-13 07:54
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | JT2Go |
Version: 0 < V2312.0004 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jt2go", vendor: "siemens", versions: [ { lessThan: "2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:parasolid:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "parasolid", vendor: "siemens", versions: [ { lessThan: "35.1.254", status: "affected", version: "0", versionType: "custom", }, { lessThan: "36.0.207", status: "affected", version: "0", versionType: "custom", }, { lessThan: "36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:14.3:*:*:*:*:*:*:*", "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "teamcenter_visualization", vendor: "siemens", versions: [ { lessThan: "*", status: "affected", version: "14.2", versionType: "custom", }, { lessThan: "14.3.0.9", status: "affected", version: "14.3", versionType: "custom", }, { lessThan: "2312.0004", status: "affected", version: "2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26275", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T15:24:40.222186Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-31T18:33:02.344Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:19.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "JT2Go", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.0", vendor: "Siemens", versions: [ { lessThan: "V36.0.207", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V36.1", vendor: "Siemens", versions: [ { lessThan: "V36.1.147", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:54:00.911Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-222019.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-771940.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-26275", datePublished: "2024-04-09T08:34:36.604Z", dateReserved: "2024-02-15T10:54:03.168Z", dateUpdated: "2024-08-13T07:54:00.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45468
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45468", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:01:11.210658Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:01:55.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:38.837Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45468", datePublished: "2024-10-08T08:40:27.584Z", dateReserved: "2024-08-29T11:28:48.106Z", dateUpdated: "2024-12-10T13:53:38.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38529
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2025-02-27 21:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.218Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38529", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:14.166450Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:09:47.625Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.184", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.9", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0004", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:36.555Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38529", datePublished: "2023-08-08T09:20:38.540Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2025-02-27T21:09:47.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38532
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-11-25 21:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:55.753Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38532", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T21:18:19.531895Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T21:18:29.388Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.171", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:40.643Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38532", datePublished: "2023-08-08T09:20:41.916Z", dateReserved: "2023-07-19T09:55:44.211Z", dateUpdated: "2024-11-25T21:18:29.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53242
Vulnerability from cvelistv5
Published
2024-12-10 13:54
Modified
2024-12-10 17:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53242", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T15:17:17.154033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:17:29.175Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:54:13.403Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-53242", datePublished: "2024-12-10T13:54:13.403Z", dateReserved: "2024-11-19T17:51:57.294Z", dateUpdated: "2024-12-10T17:17:29.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38528
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2024-10-15 18:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38528", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:47.058198Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T18:33:06.845Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.197", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.184", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:35.245Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38528", datePublished: "2023-08-08T09:20:37.393Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2024-10-15T18:33:06.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45464
Vulnerability from cvelistv5
Published
2024-10-08 08:40
Modified
2024-12-10 13:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Teamcenter Visualization V14.2 |
Version: 0 < V14.2.0.14 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tecnomatix_plant_simulation", vendor: "siemens", versions: [ { lessThan: "2302.0016", status: "affected", version: "2302.0", versionType: "custom", }, { lessThan: "2404.0005", status: "affected", version: "2404.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45464", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:56:24.994180Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:57:16.357Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.14", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V2312", vendor: "Siemens", versions: [ { lessThan: "V2312.0008", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2302", vendor: "Siemens", versions: [ { lessThan: "V2302.0016", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Tecnomatix Plant Simulation V2404", vendor: "Siemens", versions: [ { lessThan: "V2404.0005", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-10T13:53:33.725Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-45464", datePublished: "2024-10-08T08:40:22.016Z", dateReserved: "2024-08-29T11:28:48.105Z", dateUpdated: "2024-12-10T13:53:33.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38526
Vulnerability from cvelistv5
Published
2023-08-08 09:20
Modified
2025-02-27 21:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Parasolid V34.1 |
Version: 0 < V34.1.258 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38526", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:17.639474Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:09:58.842Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Parasolid V34.1", vendor: "Siemens", versions: [ { lessThan: "V34.1.258", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.0", vendor: "Siemens", versions: [ { lessThan: "V35.0.254", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Parasolid V35.1", vendor: "Siemens", versions: [ { lessThan: "V35.1.171", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.1", vendor: "Siemens", versions: [ { lessThan: "V14.1.0.11", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.2", vendor: "Siemens", versions: [ { lessThan: "V14.2.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Teamcenter Visualization V14.3", vendor: "Siemens", versions: [ { lessThan: "V14.3.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-13T07:50:32.703Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-407785.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2023-38526", datePublished: "2023-08-08T09:20:35.106Z", dateReserved: "2023-07-19T09:55:44.210Z", dateUpdated: "2025-02-27T21:09:58.842Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }