Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-34320 (GCVE-0-2021-34320)
Vulnerability from cvelistv5 – Published: 2021-07-13 11:03 – Updated: 2024-08-04 00:05
VLAI?
EPSS
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)
Severity ?
No CVSS data available.
CWE
- CWE-126 - Buffer Over-read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | JT2Go |
Affected:
All versions < V13.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JT2Go",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2"
}
]
},
{
"product": "Teamcenter Visualization",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T10:07:24",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-34320",
"datePublished": "2021-07-13T11:03:36",
"dateReserved": "2021-06-08T00:00:00",
"dateUpdated": "2024-08-04T00:05:52.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.2.0\", \"matchCriteriaId\": \"CAFFF33E-9758-4C92-B2BF-2CF0E2EA6217\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.2.0\", \"matchCriteriaId\": \"6C391214-6E11-4196-BF69-5327069864D8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.2), Teamcenter Visualization (Todas las versiones anteriores a V13.2). La biblioteca Jt981.dll de las aplicaciones afectadas no comprueba apropiadamente los datos proporcionados por el usuario cuando se analizan los archivos JT. Esto podr\\u00eda resultar en una lectura fuera de l\\u00edmites m\\u00e1s all\\u00e1 del final de un b\\u00fafer asignado. Un atacante podr\\u00eda aprovechar esta vulnerabilidad para filtrar informaci\\u00f3n en el contexto del proceso actual. (ZDI-CAN-13406)\"}]",
"id": "CVE-2021-34320",
"lastModified": "2024-11-21T06:10:09.567",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-07-13T11:15:12.450",
"references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-856/\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-21-856/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-126\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-34320\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-07-13T11:15:12.450\",\"lastModified\":\"2024-11-21T06:10:09.567\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.2), Teamcenter Visualization (Todas las versiones anteriores a V13.2). La biblioteca Jt981.dll de las aplicaciones afectadas no comprueba apropiadamente los datos proporcionados por el usuario cuando se analizan los archivos JT. Esto podr\u00eda resultar en una lectura fuera de l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante podr\u00eda aprovechar esta vulnerabilidad para filtrar informaci\u00f3n en el contexto del proceso actual. (ZDI-CAN-13406)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-126\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.2.0\",\"matchCriteriaId\":\"CAFFF33E-9758-4C92-B2BF-2CF0E2EA6217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.2.0\",\"matchCriteriaId\":\"6C391214-6E11-4196-BF69-5327069864D8\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-856/\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-856/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
GSD-2021-34320
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-34320",
"description": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)",
"id": "GSD-2021-34320"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-34320"
],
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)",
"id": "GSD-2021-34320",
"modified": "2023-12-13T01:23:14.573423Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34320"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-07T20:47Z",
"publishedDate": "2021-07-13T11:15Z"
}
}
}
GHSA-QQ74-QXGG-PH3J
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00
VLAI?
Details
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-34320"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)",
"id": "GHSA-qq74-qxgg-ph3j",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34320"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
SSA-483182
Vulnerability from csaf_siemens - Published: 2021-07-13 00:00 - Updated: 2021-07-13 00:00Summary
SSA-483182: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Notes
Summary
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution on the target host system.
Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"acknowledgments": [
{
"organization": "Trend Micro Zero Day Initiative",
"summary": "coordinated disclosure"
}
],
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution on the target host system.\n\nSiemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-483182: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"category": "self",
"summary": "SSA-483182: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-483182.txt"
},
{
"category": "self",
"summary": "SSA-483182: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-483182.json"
}
],
"title": "SSA-483182: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2",
"tracking": {
"current_release_date": "2021-07-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-483182",
"initial_release_date": "2021-07-13T00:00:00Z",
"revision_history": [
{
"date": "2021-07-13T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V13.2",
"product": {
"name": "JT2Go",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "JT2Go"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V13.2",
"product": {
"name": "Teamcenter Visualization",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Teamcenter Visualization"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34291",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34291 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34291 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34291.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34291"
},
{
"cve": "CVE-2021-34292",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34292 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34292 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34292.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34292"
},
{
"cve": "CVE-2021-34293",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34293 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34293 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34293.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34293"
},
{
"cve": "CVE-2021-34294",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34294 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34294 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34294.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34294"
},
{
"cve": "CVE-2021-34295",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34295 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34295 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34295.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34295"
},
{
"cve": "CVE-2021-34296",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34296 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34296 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34296.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34296"
},
{
"cve": "CVE-2021-34297",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34297 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34297 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34297.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34297"
},
{
"cve": "CVE-2021-34298",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34298 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34298 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34298.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34298"
},
{
"cve": "CVE-2021-34299",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34299 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34299 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34299.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34299"
},
{
"cve": "CVE-2021-34300",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34300 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34300 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34300.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34300"
},
{
"cve": "CVE-2021-34301",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34301 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34301 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34301.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34301"
},
{
"cve": "CVE-2021-34302",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34302 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34302 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34302.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34302"
},
{
"cve": "CVE-2021-34303",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34303 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34303 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34303.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34303"
},
{
"cve": "CVE-2021-34304",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34304 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34304 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34304.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34304"
},
{
"cve": "CVE-2021-34305",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34305 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34305 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34305.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34305"
},
{
"cve": "CVE-2021-34306",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34306 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34306 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34306.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34306"
},
{
"cve": "CVE-2021-34307",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34307 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34307 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34307.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34307"
},
{
"cve": "CVE-2021-34308",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34308 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34308 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34308.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34308"
},
{
"cve": "CVE-2021-34309",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34309 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34309 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34309.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34309"
},
{
"cve": "CVE-2021-34310",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34310 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34310 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34310.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34310"
},
{
"cve": "CVE-2021-34311",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34311 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34311 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34311.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34311"
},
{
"cve": "CVE-2021-34312",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34312 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34312 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34312.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34312"
},
{
"cve": "CVE-2021-34313",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34313 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34313 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34313.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34313"
},
{
"cve": "CVE-2021-34314",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34314 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34314 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34314.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34314"
},
{
"cve": "CVE-2021-34315",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34315 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34315 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34315.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34315"
},
{
"cve": "CVE-2021-34316",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34316 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34316 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34316.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34316"
},
{
"cve": "CVE-2021-34317",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34317 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34317 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34317.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34317"
},
{
"cve": "CVE-2021-34318",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34318 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34318 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34318.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34318"
},
{
"cve": "CVE-2021-34319",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34319 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34319 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34319.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34319"
},
{
"cve": "CVE-2021-34320",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34320 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34320 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34320.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34320"
},
{
"cve": "CVE-2021-34321",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34321 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34321 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34321.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34321"
},
{
"cve": "CVE-2021-34322",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34322 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34322 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34322.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34322"
},
{
"cve": "CVE-2021-34323",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34323 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34323 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34323.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34323"
},
{
"cve": "CVE-2021-34324",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34324 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34324 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34324.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34324"
},
{
"cve": "CVE-2021-34325",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34325 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34325 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34325.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34325"
},
{
"cve": "CVE-2021-34326",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34326 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34326 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34326.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34326"
},
{
"cve": "CVE-2021-34327",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34327 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34327 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34327.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34327"
},
{
"cve": "CVE-2021-34328",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34328 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34328 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34328.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34328"
},
{
"cve": "CVE-2021-34329",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34329 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34329 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34329.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34329"
},
{
"cve": "CVE-2021-34330",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34330 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34330 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34330.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34330"
},
{
"cve": "CVE-2021-34331",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34331 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34331 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34331.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34331"
},
{
"cve": "CVE-2021-34332",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34332 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34332 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34332.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34332"
},
{
"cve": "CVE-2021-34333",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-34333 - JT2Go",
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"summary": "CVE-2021-34333 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-34333.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"1"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "vendor_fix",
"details": "Update to V13.2",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Avoid to open untrusted files from unknown sources in JT2Go and Teamcenter Visualization",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-34333"
}
]
}
CERTFR-2021-AVI-518
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMIT Simulation Platform toutes les versions | ||
| Siemens | N/A | JT Utilities toutes les versions antérieures à 13.0.2.0 | ||
| Siemens | N/A | SICAM 230 toutes les versions | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller, EK-ERTEC 200 ET EK-ERTEC 200P toutes les versions | ||
| Siemens | N/A | TIM 1531 IRC (incl. SIPLUS NET variants) toutes les versions antérieures à 2.2 | ||
| Siemens | N/A | SINEC INS toutes les versions | ||
| Siemens | N/A | Les produits Teamcenter, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | Les produits SINAMICS, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SIMOCODE proV PROFINET toutes les versions antérieures à 2.1.3 | ||
| Siemens | N/A | SOFTNET-IE PNIO toutes les versions | ||
| Siemens | N/A | PSS CAPE Protection Simulation Platform:CAPE 14 installé avant le 16 juin | ||
| Siemens | N/A | SINEMA Server V14.0.2.x | ||
| Siemens | N/A | Les produits SINUMERIK, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | JT2Go toutes les versions antérieures à 13.2 | ||
| Siemens | N/A | Les produits Mendix, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SIMOCODE proV Ethernet/IP toutes les versions antérieures à 1.1.3 | ||
| Siemens | N/A | SINEC NMS:V1.0 SP1, V1.0 SP1 antérieures à version V1.0 SP2 | ||
| Siemens | N/A | Les produits SCALANCE, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | TIA Administrator toutes les versions | ||
| Siemens | N/A | RWG1.M12D toutes les versions | ||
| Siemens | N/A | Solid Edge SE2021 toutes les versions antérieures à SE2021MP5 | ||
| Siemens | N/A | RWG1.M12 toutes les versions | ||
| Siemens | N/A | Les produits SIMATIC, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | RWG1.M8 toutes les versions | ||
| Siemens | N/A | Les produits RUGGEDCOM, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SINEC PNI toutes les versions | ||
| Siemens | N/A | SINEMA Remote Connect Server toutes les versions |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMIT Simulation Platform toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities toutes les versions ant\u00e9rieures \u00e0 13.0.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller, EK-ERTEC 200 ET EK-ERTEC 200P toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. SIPLUS NET variants) toutes les versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits Teamcenter, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SINAMICS, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE proV PROFINET toutes les versions ant\u00e9rieures \u00e0 2.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SOFTNET-IE PNIO toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS CAPE Protection Simulation Platform:CAPE 14 install\u00e9 avant le 16 juin",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14.0.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SINUMERIK, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go toutes les versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits Mendix, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE proV Ethernet/IP toutes les versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS:V1.0 SP1, V1.0 SP1 ant\u00e9rieures \u00e0 version V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SCALANCE, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M12D toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 toutes les versions ant\u00e9rieures \u00e0 SE2021MP5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M12 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SIMATIC, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M8 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits RUGGEDCOM, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC PNI toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34320"
},
{
"name": "CVE-2021-34300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34300"
},
{
"name": "CVE-2015-8011",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8011"
},
{
"name": "CVE-2021-34331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34331"
},
{
"name": "CVE-2021-34297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34297"
},
{
"name": "CVE-2021-31893",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31893"
},
{
"name": "CVE-2021-34324",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34324"
},
{
"name": "CVE-2021-34316",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34316"
},
{
"name": "CVE-2021-34292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34292"
},
{
"name": "CVE-2021-33713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33713"
},
{
"name": "CVE-2021-31892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31892"
},
{
"name": "CVE-2021-34307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34307"
},
{
"name": "CVE-2021-34310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34310"
},
{
"name": "CVE-2021-34299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34299"
},
{
"name": "CVE-2021-33715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33715"
},
{
"name": "CVE-2021-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34293"
},
{
"name": "CVE-2021-34302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34302"
},
{
"name": "CVE-2021-34309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34309"
},
{
"name": "CVE-2021-34301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34301"
},
{
"name": "CVE-2021-34305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34305"
},
{
"name": "CVE-2021-34313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34313"
},
{
"name": "CVE-2021-33718",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33718"
},
{
"name": "CVE-2021-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25671"
},
{
"name": "CVE-2021-29998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29998"
},
{
"name": "CVE-2021-34330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34330"
},
{
"name": "CVE-2021-34319",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34319"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-31895",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31895"
},
{
"name": "CVE-2020-15782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15782"
},
{
"name": "CVE-2021-34333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34333"
},
{
"name": "CVE-2021-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34308"
},
{
"name": "CVE-2021-34317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34317"
},
{
"name": "CVE-2021-34321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34321"
},
{
"name": "CVE-2021-20094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20094"
},
{
"name": "CVE-2021-20093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20093"
},
{
"name": "CVE-2021-34295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34295"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2021-34328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34328"
},
{
"name": "CVE-2021-34326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34326"
},
{
"name": "CVE-2021-34318",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34318"
},
{
"name": "CVE-2021-34315",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34315"
},
{
"name": "CVE-2021-34327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34327"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2021-34322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34322"
},
{
"name": "CVE-2021-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34304"
},
{
"name": "CVE-2021-34314",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34314"
},
{
"name": "CVE-2020-28400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28400"
},
{
"name": "CVE-2021-34311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34311"
},
{
"name": "CVE-2021-33714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33714"
},
{
"name": "CVE-2021-34296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34296"
},
{
"name": "CVE-2021-31894",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31894"
},
{
"name": "CVE-2021-33710",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33710"
},
{
"name": "CVE-2021-34312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34312"
},
{
"name": "CVE-2021-34329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34329"
},
{
"name": "CVE-2021-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34303"
},
{
"name": "CVE-2021-34306",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34306"
},
{
"name": "CVE-2021-34298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34298"
},
{
"name": "CVE-2021-34291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34291"
},
{
"name": "CVE-2021-33709",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33709"
},
{
"name": "CVE-2021-34325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34325"
},
{
"name": "CVE-2021-34332",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34332"
},
{
"name": "CVE-2021-34323",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34323"
},
{
"name": "CVE-2021-34294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34294"
},
{
"name": "CVE-2021-33711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33711"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-518",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-641963 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-729965 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-560465 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-772220 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434536 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-209268 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173615 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-675303 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434535 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-599968 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-622535 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-941426 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-661034 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-373591 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352521 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-913875 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-483182 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}
CERTFR-2021-AVI-518
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMIT Simulation Platform toutes les versions | ||
| Siemens | N/A | JT Utilities toutes les versions antérieures à 13.0.2.0 | ||
| Siemens | N/A | SICAM 230 toutes les versions | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller, EK-ERTEC 200 ET EK-ERTEC 200P toutes les versions | ||
| Siemens | N/A | TIM 1531 IRC (incl. SIPLUS NET variants) toutes les versions antérieures à 2.2 | ||
| Siemens | N/A | SINEC INS toutes les versions | ||
| Siemens | N/A | Les produits Teamcenter, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | Les produits SINAMICS, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SIMOCODE proV PROFINET toutes les versions antérieures à 2.1.3 | ||
| Siemens | N/A | SOFTNET-IE PNIO toutes les versions | ||
| Siemens | N/A | PSS CAPE Protection Simulation Platform:CAPE 14 installé avant le 16 juin | ||
| Siemens | N/A | SINEMA Server V14.0.2.x | ||
| Siemens | N/A | Les produits SINUMERIK, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | JT2Go toutes les versions antérieures à 13.2 | ||
| Siemens | N/A | Les produits Mendix, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SIMOCODE proV Ethernet/IP toutes les versions antérieures à 1.1.3 | ||
| Siemens | N/A | SINEC NMS:V1.0 SP1, V1.0 SP1 antérieures à version V1.0 SP2 | ||
| Siemens | N/A | Les produits SCALANCE, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | TIA Administrator toutes les versions | ||
| Siemens | N/A | RWG1.M12D toutes les versions | ||
| Siemens | N/A | Solid Edge SE2021 toutes les versions antérieures à SE2021MP5 | ||
| Siemens | N/A | RWG1.M12 toutes les versions | ||
| Siemens | N/A | Les produits SIMATIC, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | RWG1.M8 toutes les versions | ||
| Siemens | N/A | Les produits RUGGEDCOM, pour plus d'informations veuillez-vous référer aux avis éditeurs | ||
| Siemens | N/A | SINEC PNI toutes les versions | ||
| Siemens | N/A | SINEMA Remote Connect Server toutes les versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMIT Simulation Platform toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities toutes les versions ant\u00e9rieures \u00e0 13.0.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller, EK-ERTEC 200 ET EK-ERTEC 200P toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. SIPLUS NET variants) toutes les versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits Teamcenter, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SINAMICS, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE proV PROFINET toutes les versions ant\u00e9rieures \u00e0 2.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SOFTNET-IE PNIO toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS CAPE Protection Simulation Platform:CAPE 14 install\u00e9 avant le 16 juin",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14.0.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SINUMERIK, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go toutes les versions ant\u00e9rieures \u00e0 13.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits Mendix, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE proV Ethernet/IP toutes les versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS:V1.0 SP1, V1.0 SP1 ant\u00e9rieures \u00e0 version V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SCALANCE, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M12D toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 toutes les versions ant\u00e9rieures \u00e0 SE2021MP5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M12 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits SIMATIC, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RWG1.M8 toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Les produits RUGGEDCOM, pour plus d\u0027informations veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteurs",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC PNI toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34320"
},
{
"name": "CVE-2021-34300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34300"
},
{
"name": "CVE-2015-8011",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8011"
},
{
"name": "CVE-2021-34331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34331"
},
{
"name": "CVE-2021-34297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34297"
},
{
"name": "CVE-2021-31893",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31893"
},
{
"name": "CVE-2021-34324",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34324"
},
{
"name": "CVE-2021-34316",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34316"
},
{
"name": "CVE-2021-34292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34292"
},
{
"name": "CVE-2021-33713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33713"
},
{
"name": "CVE-2021-31892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31892"
},
{
"name": "CVE-2021-34307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34307"
},
{
"name": "CVE-2021-34310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34310"
},
{
"name": "CVE-2021-34299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34299"
},
{
"name": "CVE-2021-33715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33715"
},
{
"name": "CVE-2021-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34293"
},
{
"name": "CVE-2021-34302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34302"
},
{
"name": "CVE-2021-34309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34309"
},
{
"name": "CVE-2021-34301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34301"
},
{
"name": "CVE-2021-34305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34305"
},
{
"name": "CVE-2021-34313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34313"
},
{
"name": "CVE-2021-33718",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33718"
},
{
"name": "CVE-2021-25671",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25671"
},
{
"name": "CVE-2021-29998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29998"
},
{
"name": "CVE-2021-34330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34330"
},
{
"name": "CVE-2021-34319",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34319"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-31895",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31895"
},
{
"name": "CVE-2020-15782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15782"
},
{
"name": "CVE-2021-34333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34333"
},
{
"name": "CVE-2021-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34308"
},
{
"name": "CVE-2021-34317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34317"
},
{
"name": "CVE-2021-34321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34321"
},
{
"name": "CVE-2021-20094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20094"
},
{
"name": "CVE-2021-20093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20093"
},
{
"name": "CVE-2021-34295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34295"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2021-34328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34328"
},
{
"name": "CVE-2021-34326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34326"
},
{
"name": "CVE-2021-34318",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34318"
},
{
"name": "CVE-2021-34315",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34315"
},
{
"name": "CVE-2021-34327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34327"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2021-34322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34322"
},
{
"name": "CVE-2021-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34304"
},
{
"name": "CVE-2021-34314",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34314"
},
{
"name": "CVE-2020-28400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28400"
},
{
"name": "CVE-2021-34311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34311"
},
{
"name": "CVE-2021-33714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33714"
},
{
"name": "CVE-2021-34296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34296"
},
{
"name": "CVE-2021-31894",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31894"
},
{
"name": "CVE-2021-33710",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33710"
},
{
"name": "CVE-2021-34312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34312"
},
{
"name": "CVE-2021-34329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34329"
},
{
"name": "CVE-2021-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34303"
},
{
"name": "CVE-2021-34306",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34306"
},
{
"name": "CVE-2021-34298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34298"
},
{
"name": "CVE-2021-34291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34291"
},
{
"name": "CVE-2021-33709",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33709"
},
{
"name": "CVE-2021-34325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34325"
},
{
"name": "CVE-2021-34332",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34332"
},
{
"name": "CVE-2021-34323",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34323"
},
{
"name": "CVE-2021-34294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34294"
},
{
"name": "CVE-2021-33711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33711"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-518",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-641963 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-729965 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-560465 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-772220 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434536 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-209268 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173615 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-675303 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-434535 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-599968 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-622535 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-941426 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-661034 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-373591 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352521 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-913875 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-483182 du 13 juillet 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}
FKIE_CVE-2021-34320
Vulnerability from fkie_nvd - Published: 2021-07-13 11:15 - Updated: 2024-11-21 06:10
Severity ?
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | Vendor Advisory | |
| productcert@siemens.com | https://www.zerodayinitiative.com/advisories/ZDI-21-856/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-856/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | jt2go | * | |
| siemens | teamcenter_visualization | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFFF33E-9758-4C92-B2BF-2CF0E2EA6217",
"versionEndExcluding": "13.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C391214-6E11-4196-BF69-5327069864D8",
"versionEndExcluding": "13.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones anteriores a V13.2), Teamcenter Visualization (Todas las versiones anteriores a V13.2). La biblioteca Jt981.dll de las aplicaciones afectadas no comprueba apropiadamente los datos proporcionados por el usuario cuando se analizan los archivos JT. Esto podr\u00eda resultar en una lectura fuera de l\u00edmites m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante podr\u00eda aprovechar esta vulnerabilidad para filtrar informaci\u00f3n en el contexto del proceso actual. (ZDI-CAN-13406)"
}
],
"id": "CVE-2021-34320",
"lastModified": "2024-11-21T06:10:09.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-13T11:15:12.450",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856/"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-202107-1415
Vulnerability from variot - Updated: 2023-12-18 11:18A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13406 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jt2go",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "13.2.0"
},
{
"model": "teamcenter visualization",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "13.2.0"
},
{
"model": "teamcenter visualization",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "13.2"
},
{
"model": "jt2go",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "jt2go",
"scope": null,
"trust": 0.7,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "NVD",
"id": "CVE-2021-34320"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34320"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mat Powell of Trend Micro Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-856"
}
],
"trust": 0.7
},
"cve": "CVE-2021-34320",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-34320",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34320",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2021-34320",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-34320",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2021-34320",
"trust": 0.7,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-908",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34320",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406). JT2Go and Teamcenter Visualization There is a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative To this vulnerability ZDI-CAN-13406 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of JT files. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-34320"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34320",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-21-856",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-483182",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13406",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-194-15",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071508",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-908",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34320",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202107-1415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15799868
},
"last_update_date": "2023-12-18T11:18:08.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-483182",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"title": "",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"title": "Siemens Jt2go and Siemens Teamcenter Visualization Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=156601"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=aa85c53444a3e0726ddb55922c9060c8"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-34320 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "NVD",
"id": "CVE-2021-34320"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-856/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34320"
},
{
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071508"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-34320"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-19T00:00:00",
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"date": "2022-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"date": "2021-07-13T11:15:12.450000",
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"date": "2021-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-908"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-19T00:00:00",
"db": "ZDI",
"id": "ZDI-21-856"
},
{
"date": "2022-10-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34320"
},
{
"date": "2022-04-19T09:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-009285"
},
{
"date": "2022-10-07T20:47:39.753000",
"db": "NVD",
"id": "CVE-2021-34320"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-908"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JT2Go\u00a0 and \u00a0Teamcenter\u00a0Visualization\u00a0 Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009285"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-908"
}
],
"trust": 0.6
}
}
CNVD-2021-51457
Vulnerability from cnvd - Published: 2021-07-16
VLAI Severity ?
Title
Siemens JT2Go和Teamcenter Visualization缓冲区过读漏洞(CNVD-2021-51457)
Description
Siemens Jt2go是一款JT文件查看器。Siemens Teamcenter Visualization是一个可为设计2D、3D场景提供团队协作功能的软件。
Siemens JT2Go 13.2之前版本和Teamcenter Visualization 13.2之前版本存在缓冲区过读漏洞。该漏洞源于Jt981.dll库在解析JT文件时未能正确验证用户提供的数据。攻击者可利用该漏洞在当前进程的上下文中泄露信息。
Severity
中
Patch Name
Siemens JT2Go和Teamcenter Visualization缓冲区过读漏洞(CNVD-2021-51457)的补丁
Patch Description
Siemens Jt2go是一款JT文件查看器。Siemens Teamcenter Visualization是一个可为设计2D、3D场景提供团队协作功能的软件。
Siemens JT2Go 13.2之前版本和Teamcenter Visualization 13.2之前版本存在缓冲区过读漏洞。该漏洞源于Jt981.dll库在解析JT文件时未能正确验证用户提供的数据。攻击者可利用该漏洞在当前进程的上下文中泄露信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15
Reference
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15
Impacted products
| Name | ['SIEMENS JT2Go <13.2', 'SIEMENS Teamcenter Visualization <13.2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-34320",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-34320"
}
},
"description": "Siemens Jt2go\u662f\u4e00\u6b3eJT\u6587\u4ef6\u67e5\u770b\u5668\u3002Siemens Teamcenter Visualization\u662f\u4e00\u4e2a\u53ef\u4e3a\u8bbe\u8ba12D\u30013D\u573a\u666f\u63d0\u4f9b\u56e2\u961f\u534f\u4f5c\u529f\u80fd\u7684\u8f6f\u4ef6\u3002\n\nSiemens JT2Go 13.2\u4e4b\u524d\u7248\u672c\u548cTeamcenter Visualization 13.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u8fc7\u8bfb\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eJt981.dll\u5e93\u5728\u89e3\u6790JT\u6587\u4ef6\u65f6\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6cc4\u9732\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://us-cert.cisa.gov/ics/advisories/icsa-21-194-15",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-51457",
"openTime": "2021-07-16",
"patchDescription": "Siemens Jt2go\u662f\u4e00\u6b3eJT\u6587\u4ef6\u67e5\u770b\u5668\u3002Siemens Teamcenter Visualization\u662f\u4e00\u4e2a\u53ef\u4e3a\u8bbe\u8ba12D\u30013D\u573a\u666f\u63d0\u4f9b\u56e2\u961f\u534f\u4f5c\u529f\u80fd\u7684\u8f6f\u4ef6\u3002\r\n\r\nSiemens JT2Go 13.2\u4e4b\u524d\u7248\u672c\u548cTeamcenter Visualization 13.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u8fc7\u8bfb\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eJt981.dll\u5e93\u5728\u89e3\u6790JT\u6587\u4ef6\u65f6\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens JT2Go\u548cTeamcenter Visualization\u7f13\u51b2\u533a\u8fc7\u8bfb\u6f0f\u6d1e\uff08CNVD-2021-51457\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"SIEMENS JT2Go \u003c13.2",
"SIEMENS Teamcenter Visualization \u003c13.2"
]
},
"referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-15",
"serverity": "\u4e2d",
"submitTime": "2021-07-14",
"title": "Siemens JT2Go\u548cTeamcenter Visualization\u7f13\u51b2\u533a\u8fc7\u8bfb\u6f0f\u6d1e\uff08CNVD-2021-51457\uff09"
}
ICSA-21-194-15
Vulnerability from csaf_cisa - Published: 2021-07-13 00:00 - Updated: 2021-07-13 00:00Summary
ICSA-21-194-15_Siemens JT2Go and Teamcenter Visualization
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Brian Gorenc and Mat Powell of Trend Micro Zero Day Initiative; garmin and xina1i at SecZone; and Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
Exploitability
No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.
{
"document": {
"acknowledgments": [
{
"names": [
"Brian Gorenc",
"Mat Powell"
],
"organization": "Trend Micro Zero Day Initiative",
"summary": "reporting these vulnerabilities to CISA"
},
{
"names": [
"garmin",
"xina1i"
],
"organization": "SecZone",
"summary": "reporting these vulnerabilities to CISA"
},
{
"names": [
"Tran Van Khang - khangkito"
],
"organization": "VinCSS",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "summary",
"text": "Brian Gorenc and Mat Powell of Trend Micro Zero Day Initiative; garmin and xina1i at SecZone; and Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.",
"title": "Summary"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "CISAservicedesk@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-15 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-194-15.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-194-15 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-15"
}
],
"title": "ICSA-21-194-15_Siemens JT2Go and Teamcenter Visualization",
"tracking": {
"current_release_date": "2021-07-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA USCert CSAF Generator",
"version": "1"
}
},
"id": "ICSA-21-194-15",
"initial_release_date": "2021-07-13T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-07-13T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-194-15 Siemens JT2Go and Teamcenter Visualization"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 13.2",
"product": {
"name": "Teamcenter Visualization: All versions prior to v13.2",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Teamcenter Visualization"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 13.2",
"product": {
"name": "JT2Go: All versions prior to v13.2",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "JT2Go"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34333",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in a double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial-of-service condition.CVE-2021-34333 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34333"
},
{
"cve": "CVE-2021-34332",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to a denial-of-service condition. An attacker could leverage this vulnerability to consume excessive resources.CVE-2021-34332 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34332"
},
{
"cve": "CVE-2021-34331",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34331 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34331"
},
{
"cve": "CVE-2021-34330",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34330 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34330"
},
{
"cve": "CVE-2021-34329",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34329 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34329"
},
{
"cve": "CVE-2021-34328",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34328 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34328"
},
{
"cve": "CVE-2021-34327",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34327 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34327"
},
{
"cve": "CVE-2021-34326",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. CVE-2021-34326 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34326"
},
{
"cve": "CVE-2021-34325",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. CVE-2021-34325 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34325"
},
{
"cve": "CVE-2021-34324",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. CVE-2021-34324 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34324"
},
{
"cve": "CVE-2021-34323",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. CVE-2021-34323 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34323"
},
{
"cve": "CVE-2021-34322",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. CVE-2021-34322 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34322"
},
{
"cve": "CVE-2021-34321",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34321 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34321"
},
{
"cve": "CVE-2021-34320",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34320 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34320"
},
{
"cve": "CVE-2021-34319",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34319 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34319 "
},
{
"cve": "CVE-2021-34318",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34318 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34318"
},
{
"cve": "CVE-2021-34317",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34317 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34317"
},
{
"cve": "CVE-2021-34316",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34316 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34316"
},
{
"cve": "CVE-2021-34315",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34315 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34315"
},
{
"cve": "CVE-2021-34314",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34314 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34314 "
},
{
"cve": "CVE-2021-34313",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34313 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34313"
},
{
"cve": "CVE-2021-34312",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34312 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34312"
},
{
"cve": "CVE-2021-34311",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34311 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34311"
},
{
"cve": "CVE-2021-34310",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34310 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34310"
},
{
"cve": "CVE-2021-34309",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34309 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34309"
},
{
"cve": "CVE-2021-34308",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34308 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34308"
},
{
"cve": "CVE-2021-34307",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34307 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34307"
},
{
"cve": "CVE-2021-34306",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34306 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34306"
},
{
"cve": "CVE-2021-34305",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34305 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34305"
},
{
"cve": "CVE-2021-34304",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34304 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34304"
},
{
"cve": "CVE-2021-34303",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34303 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34303"
},
{
"cve": "CVE-2021-34302",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34302 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34302"
},
{
"cve": "CVE-2021-34301",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34301 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34301"
},
{
"cve": "CVE-2021-34300",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34300 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34300"
},
{
"cve": "CVE-2021-34299",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process.CVE-2021-34299 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34299"
},
{
"cve": "CVE-2021-34298",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34298 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34298"
},
{
"cve": "CVE-2021-34297",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34297 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34297"
},
{
"cve": "CVE-2021-34296",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34296 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34296"
},
{
"cve": "CVE-2021-34295",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34295 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34295"
},
{
"cve": "CVE-2021-34294",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34294 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34294"
},
{
"cve": "CVE-2021-34293",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34293 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34293"
},
{
"cve": "CVE-2021-34292",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out-of-bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34292 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34292"
},
{
"cve": "CVE-2021-34291",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.CVE-2021-34291 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security, and to follow the recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf"
},
{
"category": "mitigation",
"details": "JT2Go: Update to v13.2",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.plm.automation.siemens.com/global/en/products/plm-components/jt2go.html"
},
{
"category": "mitigation",
"details": "Teamcenter Visualization: Update to v13.2 (login required)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-34291"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…