github - ghsa-55gp-7hw4-qj3q

ghsa-55gp-7hw4-qj3q

Vulnerability from github

Published

2024-05-14 18:31

Modified

2024-05-14 18:31

Severity

7.8 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T16:17:22Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0001), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.13), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.10), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.7), Teamcenter Visualization V2312 (All versions \u003c V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.",
  "id": "GHSA-55gp-7hw4-qj3q",
  "modified": "2024-05-14T18:31:01Z",
  "published": "2024-05-14T18:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34085"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-34085

Vulnerability from cvelistv5

Published

2024-05-14 10:03

Modified

2024-08-02 02:42

Severity

7.8 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.

References

URL	Tags
https://cert-portal.siemens.com/productcert/html/ssa-661579.html

Impacted products

Vendor	Product
Siemens	JT2Go
Siemens	Teamcenter Visualization V14.1
Siemens	Teamcenter Visualization V14.2
Siemens	Teamcenter Visualization V14.3
Siemens	Teamcenter Visualization V2312

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:teamcenter_visualization:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "teamcenter_visualization",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "14.1.0.13",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:teamcenter_visualization:14.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "teamcenter_visualization",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "14.2.0.10",
                "status": "affected",
                "version": "14.2",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jt2go",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2312.0001",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:siemens:teamcenter_visualization:2312:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "teamcenter_visualization",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2312.0001",
                "status": "affected",
                "version": "2312",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34085",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T14:07:42.511828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T18:03:43.492Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0001",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.1.0.13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.2.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V14.3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V14.3.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Teamcenter Visualization V2312",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2312.0001",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V2312.0001), Teamcenter Visualization V14.1 (All versions \u003c V14.1.0.13), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.10), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.7), Teamcenter Visualization V2312 (All versions \u003c V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T07:24:54.668Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-34085",
    "datePublished": "2024-05-14T10:03:09.574Z",
    "dateReserved": "2024-04-30T09:05:07.900Z",
    "dateUpdated": "2024-08-02T02:42:59.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.