Action not permitted
Modal body text goes here.
CVE-2022-41283
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf | Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.2.0.12" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V13.3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V13.3.0.8" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.0", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.0.0.4" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14.1.0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-11T09:02:43.378Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-41283", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:42:44.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-41283\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2022-12-13T16:15:22.697\",\"lastModified\":\"2023-04-11T10:15:16.953\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en:\\nJT2Go (Todas las versiones \u0026lt; V14.1.0.6), \\nTeamcenter Visualization V13.2 (Todas las versiones \u0026lt; V13.2.0.12), \\nTeamcenter Visualization V13.3 (Todas las versiones \u0026lt; V13.3.0. 8), \\nTeamcenter Visualization V14.0 (todas las versiones \u0026lt; V14.0.0.4), \\nTeamcenter Visualization V14.1 (todas las versiones \u0026lt; V14.1.0.6). \\nCGM_NIST_Loader.dll contiene una vulnerabilidad de escritura fuera de los l\u00edmites al analizar un archivo CGM. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A264819D-B571-4E10-98CE-7D1E2C04D312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.2.0\",\"versionEndExcluding\":\"13.2.0.12\",\"matchCriteriaId\":\"2CB3887E-4564-4715-B27F-5BE6757EE960\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.3.0\",\"versionEndExcluding\":\"13.3.0.8\",\"matchCriteriaId\":\"DF82E5C7-68B6-456B-9658-CCF1FB1DC4D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.0.0.4\",\"matchCriteriaId\":\"B0296066-2DC4-407F-9AA9-49BE916988C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1.0.6\",\"matchCriteriaId\":\"D8922308-85AE-4EAE-BF4A-7CE54201713B\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
var-202212-1163
Vulnerability from variot
A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens' JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202212-1163", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.2.0.12" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.1.0.6" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.2.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "13.3.0.8" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.1" }, { "model": "jt2go", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "teamcenter visualization", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "13.3.0" }, { "model": "teamcenter visualization", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14.0.0.4" }, { "model": "teamcenter visualization", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "jt2go", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-41283" } ] }, "cve": "CVE-2022-41283", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-023188", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-41283", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-41283", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-023188", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202212-3109", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. Siemens\u0027 JT2Go and Teamcenter Visualization Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "JVNDB", "id": "JVNDB-2022-023188" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-41283", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-700053", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-22-349-20", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-023188", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202212-3109", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "id": "VAR-202212-1163", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15799868 }, "last_update_date": "2023-12-18T11:18:04.462000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens part of the product Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217847" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41283" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-41283/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "db": "NVD", "id": "CVE-2022-41283" }, { "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "date": "2022-12-13T16:15:22.697000", "db": "NVD", "id": "CVE-2022-41283" }, { "date": "2022-12-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-28T02:20:00", "db": "JVNDB", "id": "JVNDB-2022-023188" }, { "date": "2023-04-11T10:15:16.953000", "db": "NVD", "id": "CVE-2022-41283" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202212-3109" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3109" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens\u0027 \u00a0JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-023188" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202212-3109" } ], "trust": 0.6 } }
icsa-22-349-20
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Jin Huang" ], "organization": "ADLab of Venustech", "summary": "reporting these vulnerabilities to Siemens" }, { "names": [ "Mat Powell" ], "organization": "Trend Micro Zero Day Initiative", "summary": "reporting these vulnerabilities to Siemens" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities by tricking a user into opening a malicious file with the affected products could lead the application to crash or lead to arbitrary code execution.", "title": "Risk evaluation" }, { "category": "other", "text": " Multiple Sectors", "title": "Critical infrastructure sectors" }, { "category": "other", "text": " Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": " Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "external", "summary": "SSA-700053: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-700053.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-349-20 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-349-20.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-349-20 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-20" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "SSA-700053: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-700053.html" }, { "category": "external", "summary": "SSA-700053: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "category": "external", "summary": "SSA-700053: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-700053.txt" } ], "title": "Siemens Teamcenter Visualization and JT2Go", "tracking": { "current_release_date": "2022-12-15T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-22-349-20", "initial_release_date": "2022-12-15T00:00:00.000000Z", "revision_history": [ { "date": "2022-12-15T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "Publication Date" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV14.1.0.6", "product": { "name": "JT2Go", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "JT2Go" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV13.2.0.12", "product": { "name": "Teamcenter Visualization V13.2", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "Teamcenter Visualization V13.2" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV13.3.0.9", "product": { "name": "Teamcenter Visualization V13.3", "product_id": "CSAFPID-0003" } }, { "category": "product_version_range", "name": "vers:all/\u003cV13.3.0.8", "product": { "name": "Teamcenter Visualization V13.3", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "Teamcenter Visualization V13.3" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV14.0.0.5", "product": { "name": "Teamcenter Visualization V14.0", "product_id": "CSAFPID-0005" } }, { "category": "product_version_range", "name": "vers:all/\u003cV14.0.0.4", "product": { "name": "Teamcenter Visualization V14.0", "product_id": "CSAFPID-0006" } } ], "category": "product_name", "name": "Teamcenter Visualization V14.0" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/\u003cV14.1.0.6", "product": { "name": "Teamcenter Visualization V14.1", "product_id": "CSAFPID-0007" } } ], "category": "product_name", "name": "Teamcenter Visualization V14.1" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-41278", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41278" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41278" }, { "cve": "CVE-2022-41279", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41279" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41279" }, { "cve": "CVE-2022-41280", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41280" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41280" }, { "cve": "CVE-2022-41281", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41281" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41281" }, { "cve": "CVE-2022-41282", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41282" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41282" }, { "cve": "CVE-2022-41283", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41283" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41283" }, { "cve": "CVE-2022-41284", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41284" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41284" }, { "cve": "CVE-2022-41285", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41285" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41285" }, { "cve": "CVE-2022-41286", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41286" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41286" }, { "cve": "CVE-2022-41287", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41287" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41287" }, { "cve": "CVE-2022-41288", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41288" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-41288" }, { "cve": "CVE-2022-45484", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0003", "CSAFPID-0006", "CSAFPID-0005", "CSAFPID-0007" ] }, "references": [ { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45484" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "Do not open untrusted CGM or RAS files in JT2Go and Teamcenter Visualization", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0003", "CSAFPID-0006", "CSAFPID-0005", "CSAFPID-0007" ] }, { "category": "vendor_fix", "details": "Update to V13.3.0.9 or later version", "product_ids": [ "CSAFPID-0004" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.5 or later version", "product_ids": [ "CSAFPID-0006" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html" }, { "category": "vendor_fix", "details": "Update to V13.3.0.8 or later version", "product_ids": [ "CSAFPID-0003" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.0.0.4 or later version", "product_ids": [ "CSAFPID-0005" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V14.1.0.6 or later version", "product_ids": [ "CSAFPID-0007" ], "url": "https://support.sw.siemens.com/" }, { "category": "vendor_fix", "details": "Update to V13.2.0.12 or later version", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.sw.siemens.com/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0003", "CSAFPID-0006", "CSAFPID-0005", "CSAFPID-0007" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", "CSAFPID-0003", "CSAFPID-0006", "CSAFPID-0005", "CSAFPID-0007" ] } ], "title": "CVE-2022-45484" } ] }
gsd-2022-41283
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-41283", "id": "GSD-2022-41283" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-41283" ], "details": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "id": "GSD-2022-41283", "modified": "2023-12-13T01:19:32.386575Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-41283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "JT2Go", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V14.1.0.6" } ] } }, { "product_name": "Teamcenter Visualization V13.2", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V13.2.0.12" } ] } }, { "product_name": "Teamcenter Visualization V13.3", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V13.3.0.8" } ] } }, { "product_name": "Teamcenter Visualization V14.0", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V14.0.0.4" } ] } }, { "product_name": "Teamcenter Visualization V14.1", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V14.1.0.6" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ] }, "impact": { "cvss": [ { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-787", "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.1.0.6", "versionStartIncluding": "14.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.0.0.4", "versionStartIncluding": "14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.3.0.8", "versionStartIncluding": "13.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.2.0.12", "versionStartIncluding": "13.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:jt2go:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2022-41283" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions \u003c V14.1.0.6), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "N/A", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } }, "lastModifiedDate": "2023-04-11T10:15Z", "publishedDate": "2022-12-13T16:15Z" } } }
ghsa-r6c2-xfmc-vgjm
Vulnerability from github
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.
{ "affected": [], "aliases": [ "CVE-2022-41283" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-12-13T16:15:00Z", "severity": "HIGH" }, "details": "A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions \u003c V13.2.0.12), Teamcenter Visualization V13.3 (All versions \u003c V13.3.0.8), Teamcenter Visualization V14.0 (All versions \u003c V14.0.0.4), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.", "id": "GHSA-r6c2-xfmc-vgjm", "modified": "2022-12-15T18:30:17Z", "published": "2022-12-13T18:30:33Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41283" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
wid-sec-w-2022-2296
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JT ist ein von Siemens Ditgital Industries entwickeltes Datenformat. JT2Go ist ein kostenloser Betrachter f\u00fcr 3D-JT-Daten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Siemens JT2Go ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren oder einen Denial of Service zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2296 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2296.json" }, { "category": "self", "summary": "WID-SEC-2022-2296 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2296" }, { "category": "external", "summary": "Siemens Security Advisory by Siemens ProductCERT vom 2022-12-12", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdf" }, { "category": "external", "summary": "Siemens Security Advisory by Siemens ProductCERT vom 2022-12-12", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-360681.pdf" } ], "source_lang": "en-US", "title": "Siemens JT2Go: Mehrere Schwachstellen", "tracking": { "current_release_date": "2022-12-12T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:06:11.826+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2296", "initial_release_date": "2022-12-12T23:00:00.000+00:00", "revision_history": [ { "date": "2022-12-12T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Siemens JT2Go", "product": { "name": "Siemens JT2Go", "product_id": "862941", "product_identification_helper": { "cpe": "cpe:/a:siemens:jt2go:-" } } }, { "category": "product_name", "name": "Siemens JT2Go \u003c 14.1.0.5", "product": { "name": "Siemens JT2Go \u003c 14.1.0.5", "product_id": "T025557", "product_identification_helper": { "cpe": "cpe:/a:siemens:jt2go:v14.1.0.5" } } } ], "category": "product_name", "name": "JT2Go" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-41286", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese bestehen aufgrund von Out-of-bounds Read, Out-of-bounds Write und Use After Free Problemen beim Parsen von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41286" }, { "cve": "CVE-2022-41285", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese bestehen aufgrund von Out-of-bounds Read, Out-of-bounds Write und Use After Free Problemen beim Parsen von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41285" }, { "cve": "CVE-2022-41284", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese bestehen aufgrund von Out-of-bounds Read, Out-of-bounds Write und Use After Free Problemen beim Parsen von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41284" }, { "cve": "CVE-2022-41283", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese bestehen aufgrund von Out-of-bounds Read, Out-of-bounds Write und Use After Free Problemen beim Parsen von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41283" }, { "cve": "CVE-2022-41282", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese bestehen aufgrund von Out-of-bounds Read, Out-of-bounds Write und Use After Free Problemen beim Parsen von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41282" }, { "cve": "CVE-2022-41281", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese bestehen aufgrund von Out-of-bounds Read, Out-of-bounds Write und Use After Free Problemen beim Parsen von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41281" }, { "cve": "CVE-2022-45484", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese beruhen auf Nullzeiger-Dereferenzierungen und Fehlern in der Speicherbehandlung w\u00e4hrend des Parsens von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-45484" }, { "cve": "CVE-2022-41288", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese beruhen auf Nullzeiger-Dereferenzierungen und Fehlern in der Speicherbehandlung w\u00e4hrend des Parsens von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41288" }, { "cve": "CVE-2022-41287", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese beruhen auf Nullzeiger-Dereferenzierungen und Fehlern in der Speicherbehandlung w\u00e4hrend des Parsens von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41287" }, { "cve": "CVE-2022-41280", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese beruhen auf Nullzeiger-Dereferenzierungen und Fehlern in der Speicherbehandlung w\u00e4hrend des Parsens von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41280" }, { "cve": "CVE-2022-41279", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese beruhen auf Nullzeiger-Dereferenzierungen und Fehlern in der Speicherbehandlung w\u00e4hrend des Parsens von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41279" }, { "cve": "CVE-2022-41278", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der CGM_NIST_Loader.dll. Diese beruhen auf Nullzeiger-Dereferenzierungen und Fehlern in der Speicherbehandlung w\u00e4hrend des Parsens von CGM Dateien. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-41278" }, { "cve": "CVE-2022-3161", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der APDFL.dll. Diese beruhen auf Puffer\u00fcberl\u00e4ufen und Fehlern in der Speicherverwaltung beim Parsen speziell gestalteter PDF-Dateien. Ein Angreifer kann diese Schwachstelle ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-3161" }, { "cve": "CVE-2022-3160", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der APDFL.dll. Diese beruhen auf Puffer\u00fcberl\u00e4ufen und Fehlern in der Speicherverwaltung beim Parsen speziell gestalteter PDF-Dateien. Ein Angreifer kann diese Schwachstelle ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-3160" }, { "cve": "CVE-2022-3159", "notes": [ { "category": "description", "text": "In Siemens JT2Go existieren mehrere Schwachstellen in der APDFL.dll. Diese beruhen auf Puffer\u00fcberl\u00e4ufen und Fehlern in der Speicherverwaltung beim Parsen speziell gestalteter PDF-Dateien. Ein Angreifer kann diese Schwachstelle ausnutzen, um Code im Kontext des aktuellen Prozesses auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "862941" ] }, "release_date": "2022-12-12T23:00:00Z", "title": "CVE-2022-3159" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.